New submission from Andrei Talaba <atal...@fb.com>:

The CPython interpreter writes out of bounds of allocated memory in certain edge cases in the UTF-16 and UTF-32 encoders. The attached script registers two error handlers that either write one ASCII character or two bytes, and tells the encoder to start again from the start of the encoding error. The script then tries to encode an invalid code point in either UTF-16 or UTF-32. Each of the calls to encode independently causes a segfault. Since the encoder starts over again and keeps trying to append the result of the error handler, the lack of proper re-allocations leads to a buffer overflow and corrupts the stack.

----------
components: Interpreter Core
files: encode_crash.py
messages: 341599
nosy: atalaba, serhiy.storchaka, vstinner
priority: normal
severity: normal
status: open
title: Crash during encoding using UTF-16/32 and custom error handler
type: crash
versions: Python 3.6, Python 3.7, Python 3.8
Added file: https://bugs.python.org/file48304/encode_crash.py

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue36819>
_______________________________________
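The error-handler contract the report relies on, as an added example that is neither the attached encode_crash.py (which is not reproduced on this page) nor CPython's own code: an encode error handler registered with codecs.register_error returns (replacement, resume_position), and returning exc.start instead of exc.end makes the encoder re-encode the offending range, so the handler is called again and its replacement is appended again. A handler that always returns exc.start never terminates on an interpreter that resizes the buffer correctly, and on the affected versions listed in the report this re-entry is what the report says overflows the buffer; the handler below therefore restarts exactly once and then skips the error, so it terminates and returns the bytes shown in the comments on a current interpreter. The names make_restart_once_handler and encode_with_restart, and the sample string, are assumptions introduced here.

```python
import codecs

# Constructed sample: 'a', a lone high surrogate (unencodable in UTF-16/UTF-32
# under the default 'strict' handler), then 'b'.
SAMPLE = "a\ud800b"


def make_restart_once_handler(replacement):
    """Build an encode error handler (name assumed here) that restarts from
    exc.start on its first call and resumes from exc.end afterwards.

    The codec calls the handler with a UnicodeEncodeError and expects
    (replacement, resume_position) back. Returning exc.start re-encodes the
    same range, so the encoder hits the same error and calls the handler
    again; the call counter guarantees the second call moves past it.
    replacement may be a str (ASCII only for these encoders) or bytes that
    are copied to the output verbatim, so bytes must be a whole number of
    code units in the target byte order.
    """
    calls = {"n": 0}

    def handler(exc):
        if not isinstance(exc, UnicodeEncodeError):
            raise exc
        calls["n"] += 1
        if calls["n"] == 1:
            return replacement, exc.start   # restart: same error seen again
        return replacement, exc.end         # second call: skip the error

    return handler, calls


def encode_with_restart(text, encoding, replacement="?"):
    """Encode text with a freshly registered restart-once handler and return
    (encoded_bytes, number_of_handler_calls)."""
    handler, calls = make_restart_once_handler(replacement)
    codecs.register_error("restart_once", handler)
    return text.encode(encoding, errors="restart_once"), calls["n"]


if __name__ == "__main__":
    # The replacement appears twice: once from the restarted call, once from
    # the call that finally skips the surrogate.
    print(encode_with_restart(SAMPLE, "utf-16-le"))
    # -> (b'a\x00?\x00?\x00b\x00', 2)
    print(encode_with_restart(SAMPLE, "utf-32-le"))
    # -> (b'a\x00\x00\x00?\x00\x00\x00?\x00\x00\x00b\x00\x00\x00', 2)
    # Bytes replacement: two bytes, i.e. one UTF-16 code unit (U+FFFD, LE).
    print(encode_with_restart(SAMPLE, "utf-16-le", b"\xfd\xff"))
    # -> (b'a\x00\xfd\xff\xfd\xffb\x00', 2)
```

The little-endian encodings are used so that no byte order mark is emitted and the bytes replacement can be written in a fixed byte order; with "utf-16" or "utf-32" the output would start with a BOM and the verbatim bytes would have to match the platform byte order. The counter lives outside the handler because each handler call receives a fresh exception object, so nothing on the exception itself records how many times the same position has been seen.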
The CPython interpreter write out-of-bounds of allocated memory in certain edge cases in the utf-16 and utf-32 encoders. The attached script registers two error handlers that either write one ascii character, or two bytes, and tells the encoder to start again from the start of the encoding error. The script then tries to encode an invalid codepoint in either utf-16 or utf-32. Each of the calls to encode independently cause segfaults Since the encoder starts over again and keeps trying to append the result of the error handler, the lack of proper re-allocations leads to a buffer overflow, and corrupts the stack. ---------- components: Interpreter Core files: encode_crash.py messages: 341599 nosy: atalaba, serhiy.storchaka, vstinner priority: normal severity: normal status: open title: Crash during encoding using UTF-16/32 and custom error handler type: crash versions: Python 3.6, Python 3.7, Python 3.8 Added file: https://bugs.python.org/file48304/encode_crash.py _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue36819> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com