[issue44068] Possible divide by zero problems

yiyuaner report at bugs.python.org
Fri May 7 11:00:44 EDT 2021


New submission from yiyuaner <yguoaz at gmail.com>:

In the file Objects/unicodeobject.c, we have the following code:

static PyObject*
resize_compact(PyObject *unicode, Py_ssize_t length) {
  ...
  char_size = PyUnicode_KIND(unicode);
  ...
  if (length > ((PY_SSIZE_T_MAX - struct_size) / char_size - 1)) {
    PyErr_NoMemory();
    return NULL;
  }
}

However, PyUnicode_KIND may return 0 if the variable unicode has kind PyUnicode_WCHAR_KIND, leading to a divide by zero problem.

The same pattern is also used without checking in function "static int
resize_inplace(PyObject *unicode, Py_ssize_t length)".

Here is the link to the code location: https://github.com/python/cpython/blob/main/Objects/unicodeobject.c#L1045

Should we add an explicit check on variable char_size before using it in division?

----------
components: Unicode
messages: 393188
nosy: ezio.melotti, vstinner, yiyuaner
priority: normal
severity: normal
status: open
title: Possible divide by zero problems
type: behavior
versions: Python 3.11

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue44068>
_______________________________________
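
The explicit check the report asks about can be sketched as follows. This is an added example, not CPython's code or its fix: check_resize, ssize_type and the struct_size value 48 are assumptions made for illustration, with ptrdiff_t standing in for Py_ssize_t.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: ptrdiff_t stands in for Py_ssize_t, PTRDIFF_MAX for PY_SSIZE_T_MAX. */
typedef ptrdiff_t ssize_type;
#define SSIZE_TYPE_MAX PTRDIFF_MAX

enum size_check { SIZE_OK = 0, SIZE_TOO_LARGE = -1, SIZE_BAD_ARG = -2 };

/* Hypothetical helper (not a CPython function): checks that
 * struct_size + (length + 1) * char_size fits in ssize_type.
 * char_size is validated first, because integer division by zero is
 * undefined behaviour in C and a kind of 0 would reach the divisor. */
static enum size_check
check_resize(ssize_type struct_size, ssize_type char_size, ssize_type length)
{
    if (char_size != 1 && char_size != 2 && char_size != 4)
        return SIZE_BAD_ARG;   /* covers 0 and any other unexpected kind */
    if (struct_size < 0 || length < 0)
        return SIZE_BAD_ARG;
    /* Same comparison as in the report; the divisor is now known nonzero. */
    if (length > (SSIZE_TYPE_MAX - struct_size) / char_size - 1)
        return SIZE_TOO_LARGE;
    return SIZE_OK;
}

int main(void)
{
    /* Constructed inputs: kind 0 is the PyUnicode_WCHAR_KIND case from the report. */
    const ssize_type kinds[] = { 0, 1, 2, 4 };
    for (size_t i = 0; i < sizeof kinds / sizeof kinds[0]; i++)
        printf("char_size=%td -> %d\n", kinds[i],
               (int)check_resize(48, kinds[i], 10));
    /* A length near the maximum is rejected instead of overflowing. */
    printf("huge length -> %d\n",
           (int)check_resize(48, 4, SSIZE_TYPE_MAX / 4));
    return 0;
}
```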