| # HG changeset patch |
| # User Benjamin Peterson <benjamin@python.org> |
| # Date 1397441438 14400 |
| # Node ID 50c07ed1743da9cd4540d83de0c30bd17aeb41b0 |
| # Parent 218e28a935ab4494d05215c243e2129625a71893 |
| in scan_once, prevent the reading of arbitrary memory when passed a negative index |
| |
| Bug reported by Guido Vranken. |
| |
| Index: Python-3.3.5/Lib/json/tests/test_decode.py |
| =================================================================== |
| --- Python-3.3.5.orig/Lib/test/test_json/test_decode.py 2014-06-26 18:40:10.825269130 +0200 |
| +++ Python-3.3.5/Lib/test/test_json/test_decode.py 2014-06-26 18:40:21.962323035 +0200 |
| @@ -60,5 +60,10 @@ |
| msg = 'escape' |
| self.assertRaisesRegexp(ValueError, msg, self.loads, s) |
| |
| + def test_negative_index(self): |
| + d = self.json.JSONDecoder() |
| + self.assertRaises(ValueError, d.raw_decode, 'a'*42, -50000) |
| + self.assertRaises(ValueError, d.raw_decode, u'a'*42, -50000) |
| + |
| class TestPyDecode(TestDecode, PyTest): pass |
| class TestCDecode(TestDecode, CTest): pass |
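Review bot: test_negative_index only covers an index that is still negative after wrapping (-50000 against a 42-character string), so the new `idx += length` path in the C scanner, where a negative index lands inside the string, is never exercised. Because this is the regression test for an out-of-bounds read, it should pin both sides of the wrap boundary, for example `self.assertRaises(ValueError, d.raw_decode, 'a'*42, -43)` and `self.assertRaises(ValueError, d.raw_decode, 'a'*42, -1)`. The expected results should be confirmed under both TestPyDecode and TestCDecode, since the class runs against both implementations. In this Python 3 tree `'a'*42` and `u'a'*42` are the same `str` type, so the second assertion repeats the first and could be dropped or replaced by one of the boundary cases.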
| Index: Python-3.3.5/Misc/ACKS |
| =================================================================== |
| --- Python-3.3.5.orig/Misc/ACKS 2014-06-26 18:40:10.826269135 +0200 |
| +++ Python-3.3.5/Misc/ACKS 2014-06-26 18:40:21.962323035 +0200 |
| @@ -1085,6 +1085,7 @@ |
| Frank Visser |
| Johannes Vogel |
| Alex Volkov |
| +Guido Vranken |
| Martijn Vries |
| Niki W. Waibel |
| Wojtek Walczak |
| Index: Python-3.3.5/Modules/_json.c |
| =================================================================== |
| --- a/Modules/_json.c |
| +++ b/Modules/_json.c |
| @@ -975,7 +975,10 @@ scan_once_unicode(PyScannerObject *s, Py |
| kind = PyUnicode_KIND(pystr); |
| length = PyUnicode_GET_LENGTH(pystr); |
| |
| - if (idx >= length) { |
| + if (idx < 0) |
| + /* Compatibility with Python version. */ |
| + idx += length; |
| + if (idx < 0 || idx >= length) { |
| PyErr_SetNone(PyExc_StopIteration); |
| return NULL; |
| } |
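Review bot: The new `if (idx < 0)` has no braces and a comment sits between the condition and its only statement, which is easy to misread or break in a later edit of a bounds check that guards memory reads. I would brace it and move the comment above, e.g. `/* Negative idx counts from the end of the string, as in the pure-Python scanner. */` followed by `if (idx < 0) { idx += length; }`. The existing comment "Compatibility with Python version." does not say that in-range negative offsets are now accepted as valid positions rather than rejected, which is a behaviour callers should be able to read from the code. scan_once_unicode starts and continues outside this hunk, so it is not visible here whether any other index-taking path in _json.c needs the same `idx < 0` guard.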