From: Martin v. Löwis <martin@v.loewis.de>
Date: Fri, 4 Mar 2005 14:38:07 +0000 (+0000)
Subject: Patches #925152, #1118602: Avoid reading after the end of the buffer
X-Git-Tag: v2.4.1c1~19
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dce2f3605bc56187d1b8af83920d1a210443ec70;p=thirdparty%2FPython%2Fcpython.git

Patches #925152, #1118602: Avoid reading after the end of the buffer
in pyexpat.GetInputContext.
---

diff --git a/Misc/NEWS b/Misc/NEWS
index 93ca629d5db2..b43542950f00 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -33,6 +33,9 @@ Core and builtins
 Extension Modules
 -----------------
 
+- Patches #925152, #1118602: Avoid reading after the end of the buffer
+  in pyexpat.GetInputContext.
+
 - Patch #1093585: raise a ValueError for negative history items in readline.
   {remove_history,replace_history}
 
diff --git a/Modules/pyexpat.c b/Modules/pyexpat.c
index d359a7405c2f..e6c14f8a2db4 100644
--- a/Modules/pyexpat.c
+++ b/Modules/pyexpat.c
@@ -1082,7 +1082,7 @@ xmlparse_GetInputContext(xmlparseobject *self, PyObject *args)
                 = XML_GetInputContext(self->itself, &offset, &size);
 
             if (buffer != NULL)
-                result = PyString_FromStringAndSize(buffer + offset, size);
+                result = PyString_FromStringAndSize(buffer + offset, size - offset);
             else {
                 result = Py_None;
                 Py_INCREF(result);