From: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Date: Thu, 12 Mar 2026 11:21:43 +0000 (+0100)
Subject: [3.13] gh-140594: Fix an out of bounds read when feeding NUL byte to PyOS_StdioReadli... 
X-Git-Tag: v3.13.13~98
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e98936171b994c6218fb56bcf1bc414e94704fcc;p=thirdparty%2FPython%2Fcpython.git

[3.13] gh-140594: Fix an out of bounds read when feeding NUL byte to PyOS_StdioReadline() (GH-140910) (#145853)

gh-140594: Fix an out of bounds read when feeding NUL byte to PyOS_StdioReadline() (GH-140910)
(cherry picked from commit 86a0756234df7ce42fa4731c91067cb7f2e244d5)

Co-authored-by: Shamil <ashm.tech@proton.me>
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
Co-authored-by: Victor Stinner <vstinner@python.org>
---

diff --git a/Lib/test/test_cmd_line.py b/Lib/test/test_cmd_line.py
index dc420f33c233..9623d0c0b52f 100644
--- a/Lib/test/test_cmd_line.py
+++ b/Lib/test/test_cmd_line.py
@@ -195,6 +195,14 @@ class CmdLineTest(unittest.TestCase):
         self.assertTrue(data.find(b'1 loop') != -1)
         self.assertTrue(data.find(b'__main__.Timer') != -1)
 
+    @support.cpython_only
+    def test_null_byte_in_interactive_mode(self):
+        # gh-140594: Fix an out of bounds read when a single NUL character
+        # is read from the standard input in interactive mode.
+        proc = spawn_python('-i')
+        proc.communicate(b'\x00', timeout=support.SHORT_TIMEOUT)
+        self.assertEqual(proc.returncode, 0)
+
     def test_relativedir_bug46421(self):
         # Test `python -m unittest` with a relative directory beginning with ./
         # Note: We have to switch to the project's top module's directory, as per
diff --git a/Misc/NEWS.d/next/Core_and_Builtins/2025-11-02-16-23-17.gh-issue-140594.YIWUpl.rst b/Misc/NEWS.d/next/Core_and_Builtins/2025-11-02-16-23-17.gh-issue-140594.YIWUpl.rst
new file mode 100644
index 000000000000..aa126e7e25bb
--- /dev/null
+++ b/Misc/NEWS.d/next/Core_and_Builtins/2025-11-02-16-23-17.gh-issue-140594.YIWUpl.rst
@@ -0,0 +1,2 @@
+Fix an out of bounds read when a single NUL character is read from the standard input.
+Patch by Shamil Abdulaev.
diff --git a/Parser/myreadline.c b/Parser/myreadline.c
index 74c44ff77717..1e49800329ce 100644
--- a/Parser/myreadline.c
+++ b/Parser/myreadline.c
@@ -342,7 +342,7 @@ PyOS_StdioReadline(FILE *sys_stdin, FILE *sys_stdout, const char *prompt)
             break;
         }
         n += strlen(p + n);
-    } while (p[n-1] != '\n');
+    } while (n == 0 || p[n-1] != '\n');
 
     pr = (char *)PyMem_RawRealloc(p, n+1);
     if (pr == NULL) {