[Python-checkins] cpython (merge 3.6 -> default): Issue #28275: Fixed possible use adter free in LZMADecompressor.decompress().
serhiy.storchaka
python-checkins at python.org
Tue Sep 27 13:24:45 EDT 2016
https://hg.python.org/cpython/rev/6117d0e1a5c9
changeset: 104102:6117d0e1a5c9
parent: 104098:9e59cb403efa
parent: 104101:52f8eb2fa6a6
user: Serhiy Storchaka <storchaka at gmail.com>
date: Tue Sep 27 20:24:19 2016 +0300
summary:
Issue #28275: Fixed possible use adter free in LZMADecompressor.decompress().
Original patch by John Leitch.
files:
Lib/test/test_lzma.py | 9 +++++++++
Misc/NEWS | 3 +++
Modules/_lzmamodule.c | 4 +++-
3 files changed, 15 insertions(+), 1 deletions(-)
diff --git a/Lib/test/test_lzma.py b/Lib/test/test_lzma.py
--- a/Lib/test/test_lzma.py
+++ b/Lib/test/test_lzma.py
@@ -246,6 +246,15 @@
lzd = LZMADecompressor(lzma.FORMAT_RAW, filters=FILTERS_RAW_1)
self.assertRaises(LZMAError, lzd.decompress, COMPRESSED_XZ)
+ def test_decompressor_bug_28275(self):
+ # Test coverage for Issue 28275
+ lzd = LZMADecompressor()
+ for i in range(2):
+ try:
+ lzd.decompress(COMPRESSED_RAW_1)
+ except LZMAError:
+ pass
+
# Test that LZMACompressor->LZMADecompressor preserves the input data.
def test_roundtrip_xz(self):
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -47,6 +47,9 @@
Library
-------
+- Issue #28275: Fixed possible use adter free in LZMADecompressor.decompress().
+ Original patch by John Leitch.
+
- Issue #27897: Fixed possible crash in sqlite3.Connection.create_collation()
if pass invalid string-like object as a name. Patch by Xiang Zhang.
diff --git a/Modules/_lzmamodule.c b/Modules/_lzmamodule.c
--- a/Modules/_lzmamodule.c
+++ b/Modules/_lzmamodule.c
@@ -995,8 +995,10 @@
}
result = decompress_buf(d, max_length);
- if(result == NULL)
+ if (result == NULL) {
+ lzs->next_in = NULL;
return NULL;
+ }
if (d->eof) {
d->needs_input = 0;
--
Repository URL: https://hg.python.org/cpython
More information about the Python-checkins
mailing list