Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork34.3k
Closed as duplicate of#146093
Description
Bug report
Bug description:
InModules/_csv.c,_set_str() does not check the return value ofPyUnicode_DecodeASCII() when using the default value. If the allocation fails (OOM),*target is set toNULL and the function returns0 (success).
https://github.com/python/cpython/blob/main/Modules/_csv.c#L315-L329
staticint_set_str(constchar*name,PyObject**target,PyObject*src,constchar*dflt){if (src==NULL)*target=PyUnicode_DecodeASCII(dflt,strlen(dflt),NULL);// ^^^ no NULL checkelse { ... }return0;// Returns 0 even if allocation failed}
This function is called forlineterminator:
DIASET(_set_str,"lineterminator",&self->lineterminator,lineterminator,"\r\n");
If allocation fails,self->lineterminator isNULL. Subsequent calls toPyUnicode_GET_LENGTH(dialect->lineterminator) (e.g. injoin_append_data at line 1183 orjoin_append_lineterminator at line 1299) will dereferenceNULL.
Fix
staticint_set_str(constchar*name,PyObject**target,PyObject*src,constchar*dflt){if (src==NULL) {*target=PyUnicode_DecodeASCII(dflt,strlen(dflt),NULL);if (*target==NULL)return-1; }else {if (!PyUnicode_Check(src)) {PyErr_Format(PyExc_TypeError,"\"%s\" must be a string, not %T",name,src);return-1; }Py_XSETREF(*target,Py_NewRef(src)); }return0;}
CPython versions tested on:
CPython main branch
Operating systems tested on:
Linux
Metadata
Metadata
Assignees
Projects
Status
Done