[Python-checkins] r73871 - python/trunk/Objects/unicodeobject.c
alexandre.vassalotti
python-checkins at python.org
Tue Jul 7 04:17:30 CEST 2009
Author: alexandre.vassalotti
Date: Tue Jul 7 04:17:30 2009
New Revision: 73871
Log:
Grow the allocated buffer in PyUnicode_EncodeUTF7 to avoid buffer overrun.
Without this change, test_unicode.UnicodeTest.test_codecs_utf7 crashes in
debug mode. What happens is the unicode string u'\U000abcde' with a length
of 1 encodes to the string '+2m/c3g-' of length 8. Since only 5 bytes is
reserved in the buffer, a buffer overrun occurs.
Modified:
python/trunk/Objects/unicodeobject.c
Modified: python/trunk/Objects/unicodeobject.c
==============================================================================
--- python/trunk/Objects/unicodeobject.c (original)
+++ python/trunk/Objects/unicodeobject.c Tue Jul 7 04:17:30 2009
@@ -1752,7 +1752,7 @@
{
PyObject *v;
/* It might be possible to tighten this worst case */
- Py_ssize_t allocated = 5 * size;
+ Py_ssize_t allocated = 8 * size;
int inShift = 0;
Py_ssize_t i = 0;
unsigned int base64bits = 0;
@@ -1760,7 +1760,7 @@
char * out;
char * start;
- if (allocated / 5 != size)
+ if (allocated / 8 != size)
return PyErr_NoMemory();
if (size == 0)
More information about the Python-checkins
mailing list