gh-148093: Raise binascii.Error from binascii.a2b_uu() on empty input (GH-149077)
authorMaurycy Pawłowski-Wieroński <maurycy@maurycy.com>
Mon, 4 May 2026 09:40:52 +0000 (11:40 +0200)
committerGitHub <noreply@github.com>
Mon, 4 May 2026 09:40:52 +0000 (12:40 +0300)
Instead of reading past the end of the empty buffer.

Lib/test/test_binascii.py
Misc/NEWS.d/next/Library/2026-04-27-22-34-09.gh-issue-148093.9pWceM.rst [new file with mode: 0644]
Modules/binascii.c

index 6991e2ef6815e3b261a24e041bb489e8595a33b7..cedbdc61f18f3413699d41e305b1dbdbbac34766 100644 (file)
@@ -1306,6 +1306,10 @@ class BinASCIITest(unittest.TestCase):
         self.assertEqual(binascii.a2b_uu(b"\xff"), b"\x00"*31)
         self.assertRaises(binascii.Error, binascii.a2b_uu, b"\xff\x00")
         self.assertRaises(binascii.Error, binascii.a2b_uu, b"!!!!")
+        self.assertRaises(binascii.Error, binascii.a2b_uu,
+                          self.type2test(b""))
+        self.assertRaises(binascii.Error, binascii.a2b_uu,
+                          self.type2test(b"#86)C")[:0])
         self.assertRaises(binascii.Error, binascii.b2a_uu, 46*b"!")
 
         # Issue #7701 (crash on a pydebug build)
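Review bot: The second added assertion, `self.type2test(b"#86)C")[:0]`, has no comment saying why it is needed alongside the plain `b""` case. Presumably the zero-length slice of a non-empty buffer leaves real data directly after the view for at least some `type2test` values, so a regression to the one-byte over-read would pick that data up as a length byte; this is inferred, not shown in the hunk. A comment such as `# Empty view over a non-empty buffer: the byte past the end must not be used as the length byte` would record the intent. The enclosing test method starts outside the hunk.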
@@ -1522,6 +1526,9 @@ class BinASCIITest(unittest.TestCase):
                 binascii.crc_hqx(empty, 0)
                 continue
             f = getattr(binascii, func)
+            if func == 'a2b_uu':
+                self.assertRaises(binascii.Error, f, empty)
+                continue
             try:
                 f(empty)
             except Exception as err:
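Review bot: The `if func == 'a2b_uu':` branch has no comment explaining why this one function is pulled out of the generic `f(empty)` path. A line such as `# a2b_uu needs at least the length byte, so empty input must raise binascii.Error` above the branch would make the exception obvious to the next reader. The loop and the `try` block both extend outside this hunk, so what the `except` arm does with other functions is not visible here.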
diff --git a/Misc/NEWS.d/next/Library/2026-04-27-22-34-09.gh-issue-148093.9pWceM.rst b/Misc/NEWS.d/next/Library/2026-04-27-22-34-09.gh-issue-148093.9pWceM.rst
new file mode 100644 (file)
index 0000000..9418044
--- /dev/null
@@ -0,0 +1,2 @@
+Fix an out-of-bounds read of one byte in :func:`binascii.a2b_uu`. Raise
+:exc:`binascii.Error`, instead of reading past the buffer end.
index 7e6e9655f8d4984223c634e1fe5d9158b6e3f977..673dca6ee134bd800583891ed6ebeed3c184535d 100644 (file)
@@ -508,6 +508,14 @@ binascii_a2b_uu_impl(PyObject *module, Py_buffer *data)
     assert(ascii_len >= 0);
 
     /* First byte: binary data length (in bytes) */
+    if (ascii_len == 0) {
+        state = get_binascii_state(module);
+        if (state == NULL) {
+            return NULL;
+        }
+        PyErr_SetString(state->Error, "Missing length byte");
+        return NULL;
+    }
     bin_len = (*ascii_data++ - ' ') & 077;
     ascii_len--;
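Review bot: The new `if (ascii_len == 0)` block is inserted between the comment `/* First byte: binary data length (in bytes) */` and the `bin_len = (*ascii_data++ - ' ') & 077;` statement that comment describes, so the comment now reads as a label for the error branch. Moving the guard above the comment, or giving it its own line such as `/* Empty input: there is no length byte to read */`, keeps both readable. The guard itself does sit before the `*ascii_data++` dereference, which is where the NEWS entry places the one-byte over-read. binascii_a2b_uu_impl starts and continues outside this hunk, so whether the later reads driven by `bin_len` are bounded by `ascii_len` cannot be confirmed from here.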