git.ipfire.org Git - thirdparty/Python/cpython.git/commit
author: Serhiy Storchaka <storchaka@gmail.com>, Mon, 26 May 2025 03:33:22 +0000 (06:33 +0300)
committer: GitHub <noreply@github.com>, Mon, 26 May 2025 03:33:22 +0000 (20:33 -0700)
commit: 4398b788ffc1f954a2c552da285477d42a571292
tree: b94bd4336b84d639638d7cc324af6900895a0258
parent: 310cd8943a574f43c3885aa54519a6a9017c0abc

[3.12] gh-133767: Fix use-after-free in the unicode-escape decoder with an error handler (GH-129648) (GH-133944) (#134337)

If the error handler is used, a new bytes object is created to set as
the object attribute of UnicodeDecodeError, and that bytes object then
replaces the original data. A pointer to the decoded data will become invalid
after destroying that temporary bytes object. So we need another way to return
the first invalid escape from _PyUnicode_DecodeUnicodeEscapeInternal().

_PyBytes_DecodeEscape() does not have such an issue, because it does not
use the error handlers registry, but it should be changed for compatibility
with _PyUnicode_DecodeUnicodeEscapeInternal().
(cherry picked from commit 9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e)
(cherry picked from commit 6279eb8c076d89d3739a6edb393e43c7929b429d)
Include/cpython/bytesobject.h
Include/cpython/unicodeobject.h
Lib/test/test_codeccallbacks.py
Lib/test/test_codecs.py
Misc/NEWS.d/next/Security/2025-05-09-20-22-54.gh-issue-133767.kN2i3Q.rst [new file with mode: 0644]
Objects/bytesobject.c
Objects/unicodeobject.c
Parser/string_parser.c
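
The lifetime problem described in the commit message, reduced to a toy C model; this is an added example, not CPython code and not part of the commit. `decode_model`, `struct result`, the generation counter and the escape rules are assumptions made for the illustration: the model copies the invalid escape's byte value when it is seen and reports whether an address saved at that moment would have outlived its buffer.

```c
#include <stdlib.h>
#include <string.h>

/* Toy model (hypothetical names, not CPython code). */
struct result {
    int first_invalid_char; /* byte copied when the escape was seen; -1 if none */
    int ptr_stale;          /* 1 if a pointer saved at that moment would now dangle */
};

static char *xmalloc(size_t n) {
    char *p = malloc(n);
    if (p == NULL) abort();
    return p;
}

/* Constructed rule set: \n \t \r \\ are valid, "\x" always counts as a
   truncated escape that invokes the error handler, anything else is an
   invalid escape that is only recorded for a later warning. */
struct result decode_model(const char *input) {
    size_t len = strlen(input), i = 0;
    char *buf = xmalloc(len + 1);
    unsigned gen = 0, gen_at_record = 0; /* gen counts buffer replacements */
    struct result r = { -1, 0 };
    memcpy(buf, input, len + 1);
    while (i < len) {
        if (buf[i] != '\\' || i + 1 >= len) { i++; continue; }
        char c = buf[i + 1];
        if (c == 'x') {
            /* Error handler stand-in: the rest of the input moves to a new
               buffer and the old one is destroyed, so any address taken
               inside the old buffer no longer refers to live memory. */
            size_t rest = len - (i + 2);
            char *fresh = xmalloc(rest + 1);
            memcpy(fresh, buf + i + 2, rest);
            fresh[rest] = '\0';
            free(buf);
            buf = fresh; len = rest; i = 0; gen++;
            continue;
        }
        if (strchr("ntr\\", c) == NULL && r.first_invalid_char < 0) {
            r.first_invalid_char = (unsigned char)c; /* value, not address */
            gen_at_record = gen;
        }
        i += 2;
    }
    r.ptr_stale = r.first_invalid_char >= 0 && gen_at_record != gen;
    free(buf);
    return r;
}
```

The byte value stays usable after the buffer is gone, while `ptr_stale` marks the inputs for which a saved pointer must not be dereferenced.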