Movatterモバイル変換


[0]ホーム

URL:


Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Sign up
Appearance settings

Heap buffer overflow in_PyTokenizer_ensure_utf8 #144872

Open
Labels
interpreter-core(Objects, Python, Grammar, and Parser dirs)topic-parsertype-bugAn unexpected behavior, bug, or error
@AdamKorcz

Description

@AdamKorcz

Bug report

Bug description:

OSS-Fuzz has found a heap buffer overflow in_PyTokenizer_ensure_utf8.Link to OSS-Fuzz bug report.

The root cause is thatvalid_utf8() inParser/tokenizer/helpers.c checks continuation bytes in reverse order thus readers[expected] befores[1] on these lines:

for (;expected;expected--)
if (s[expected]<0x80||s[expected] >=0xC0)
return0;

When a multi-byte UTF-8 sequence is truncated - such as a 3-byte lead\xEA followed immediately by a null terminator - the backward loop reads past the end of the valid data before encountering the null byte that would stop it.

This is not a security-critical issue.

CPython versions tested on:

CPython main branch

Operating systems tested on:

No response

Linked PRs

Metadata

Metadata

Assignees

No one assigned

    Labels

    interpreter-core(Objects, Python, Grammar, and Parser dirs)topic-parsertype-bugAn unexpected behavior, bug, or error

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions


      [8]ページ先頭

      ©2009-2026 Movatter.jp