From: Eli Bendersky Date: Sun, 4 Aug 2013 13:09:49 +0000 (-0700) Subject: Issue #13612: Fix a buffer overflow in case of a multi-byte encoding. X-Git-Tag: v2.7.6rc1~258 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b67170114949f13c1eacf6d58a06482bb7b78dd0;p=thirdparty%2FPython%2Fcpython.git Issue #13612: Fix a buffer overflow in case of a multi-byte encoding. This is a belated backport of f7b47fb30169; Patch by Serhiy Storchaka. --- diff --git a/Lib/test/test_xml_etree.py b/Lib/test/test_xml_etree.py index 4f06d20c0458..adb785247d57 100644 --- a/Lib/test/test_xml_etree.py +++ b/Lib/test/test_xml_etree.py @@ -883,6 +883,12 @@ def check_encoding(encoding): >>> check_encoding("iso-8859-15") >>> check_encoding("cp437") >>> check_encoding("mac-roman") + >>> check_encoding("gbk") + Traceback (most recent call last): + ValueError: multi-byte encodings are not supported + >>> check_encoding("cp037") + Traceback (most recent call last): + ParseError: unknown encoding: line 1, column 30 """ ET.XML("" % encoding) diff --git a/Modules/_elementtree.c b/Modules/_elementtree.c index 379aa01d0a57..b9abcac8d0c8 100644 --- a/Modules/_elementtree.c +++ b/Modules/_elementtree.c @@ -2427,6 +2427,8 @@ expat_unknown_encoding_handler(XMLParserObject *self, const XML_Char *name, if (PyUnicode_GET_SIZE(u) != 256) { Py_DECREF(u); + PyErr_SetString(PyExc_ValueError, + "multi-byte encodings are not supported"); return XML_STATUS_ERROR; } diff --git a/Modules/pyexpat.c b/Modules/pyexpat.c index f2691136ca83..8de3fb17d331 100644 --- a/Modules/pyexpat.c +++ b/Modules/pyexpat.c @@ -1252,6 +1252,13 @@ PyUnknownEncodingHandler(void *encodingHandlerData, if (_u_string == NULL) return result; + if (PyUnicode_GET_SIZE(_u_string) != 256) { + Py_DECREF(_u_string); + PyErr_SetString(PyExc_ValueError, + "multi-byte encodings are not supported"); + return result; + } + for (i = 0; i < 256; i++) { /* Stupid to access directly, but fast */ Py_UNICODE c = _u_string->str[i];