[Python-checkins] CVS: python/dist/src/Modules binascii.c,2.32,2.33
Tim Peters
tim_one@users.sourceforge.net
2001年12月18日 20:41:37 -0800
Update of /cvsroot/python/python/dist/src/Modules
In directory usw-pr-cvs1:/tmp/cvs-serv31416/python/Modules
Modified Files:
binascii.c
Log Message:
SF bug #494738: binascii_b2a_base64 overwrites memory.
binascii_b2a_base64(): We didn't allocate enough buffer space for very
short inputs (e.g., a 1-byte input can produce a 5-byte output, but we
only allocated 2 bytes). I expect that malloc overheads absorbed the
overrun in practice, but computing a correct upper bound is a very simple
change.
Index: binascii.c
===================================================================
RCS file: /cvsroot/python/python/dist/src/Modules/binascii.c,v
retrieving revision 2.32
retrieving revision 2.33
diff -C2 -d -r2.32 -r2.33
*** binascii.c 2001年10月30日 03:00:52 2.32
--- binascii.c 2001年12月19日 04:41:35 2.33
***************
*** 138,142 ****
/* Max binary chunk size; limited only by available memory */
! #define BASE64_MAXBIN (INT_MAX/2 - sizeof(PyStringObject))
static unsigned char table_b2a_base64[] =
--- 138,142 ----
/* Max binary chunk size; limited only by available memory */
! #define BASE64_MAXBIN (INT_MAX/2 - sizeof(PyStringObject) - 3)
static unsigned char table_b2a_base64[] =
***************
*** 437,442 ****
}
! /* We're lazy and allocate to much (fixed up later) */
! if ( (rv=PyString_FromStringAndSize(NULL, bin_len*2)) == NULL )
return NULL;
ascii_data = (unsigned char *)PyString_AsString(rv);
--- 437,444 ----
}
! /* We're lazy and allocate too much (fixed up later).
! "+3" leaves room for up to two pad characters and a trailing
! newline. Note that 'b' gets encoded as 'Yg==\n' (1 in, 5 out). */
! if ( (rv=PyString_FromStringAndSize(NULL, bin_len*2 + 3)) == NULL )
return NULL;
ascii_data = (unsigned char *)PyString_AsString(rv);