[issue29990] Range checking in GB18030 decoder
STINNER Victor
report at bugs.python.org
Thu Apr 6 02:54:09 EDT 2017
STINNER Victor added the comment:
An incorrect implementation of a decoder might lead to security vulnerabilities:
http://unicodebook.readthedocs.io/issues.html#security-vulnerabilities
*But* the UTF-8 decoder of Python 2 is *not* strict and nobody complained.
I suggest that, once the change is merged in master, we backport the fix to 3.6 and 3.5.
But I'm not sure that it's worth it to backport it to 2.7? Is there a risk to break an application?
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue29990>
_______________________________________