New submission from Guido van Rossum <gu...@python.org>: [Found by a Googler who prefers to remain anonymous]
This might be easier to trigger on a 64-bit:

    PyObject *PyUnicode_DecodeUTF7Stateful(...)
    {
        ...
        Py_ssize_t startinpos;
        ...
        while (s < e) {
            ...
    utf7Error:
            outpos = p-PyUnicode_AS_UNICODE(unicode);
            endinpos = s-starts;
            if (unicode_decode_call_errorhandler(
                    errors, &errorHandler,
                    "utf7", errmsg,
                    starts, size, &startinpos, &endinpos, &exc, &s,
                    &unicode, &outpos, &p))
            ...
        }
        ...
    }

The lack of initialization of startinpos will lead to the likelihood of the value being >= INT_MAX with a 64-bit value, leading to the subsequent assert [somewhere in unicode_decode_call_errorhandler()]. In theory the assert could trigger in 32-bit if the uninitialized value happened to get set to INT_MAX.

The other similar variable also probably need to be initialized.

Furthermore, the function PyUnicode_DecodeUTF8Stateful also has the same uninitialized variables.

----------
messages: 82881
nosy: gvanrossum
severity: normal
status: open
title: Uninitialized variable may be used in PyUnicode_DecodeUTF7Stateful()
versions: Python 2.5, Python 2.6, Python 2.7, Python 3.0, Python 3.1

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue5389>
_______________________________________
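An added example, not part of the report and not CPython's code: a small model of the decode loop showing why a start offset that is never assigned on the error path can fail the handler's range check, and how assigning it before the handler call removes the dependence on stack contents. The names `span_ok` and `decode_model`, the toy "bytes >= 0x80 are errors" rule, the exact range condition and the `stale` parameter (standing in for the indeterminate stack value) are all assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for the range check the report places inside
   unicode_decode_call_errorhandler(); the real condition is not on the page. */
static int span_ok(ptrdiff_t start, ptrdiff_t end, ptrdiff_t size)
{
    return start >= 0 && start <= end && end <= size && start < INT_MAX;
}

/* Model of the decode loop. `stale` plays the role of whatever the stack slot
   held on entry, so the unset case is reproducible without reading an
   indeterminate value. Returns 1 if every span passed to the check was valid,
   0 otherwise; *nerrors receives the number of error-handler calls. */
static int decode_model(const unsigned char *starts, ptrdiff_t size,
                        ptrdiff_t stale, int assign_before_error, int *nerrors)
{
    const unsigned char *s = starts, *e = starts + size;
    ptrdiff_t startinpos = stale;      /* models "Py_ssize_t startinpos;" */
    ptrdiff_t endinpos;
    int ok = 1;

    *nerrors = 0;
    while (s < e) {
        if (*s < 0x80) {               /* toy rule: ASCII decodes cleanly */
            s++;
            continue;
        }
        if (assign_before_error)
            startinpos = s - starts;   /* hardened: set on the error path */
        s++;                           /* consume the offending byte */
        endinpos = s - starts;
        (*nerrors)++;
        if (!span_ok(startinpos, endinpos, size))
            ok = 0;                    /* the real code would hit the assert */
    }
    return ok;
}

int main(void)
{
    const unsigned char sample[] = { 'a', 0xff, 'b', 0x80 }; /* constructed */
    int n;
    printf("unset: %d\n", decode_model(sample, 4, (ptrdiff_t)INT_MAX, 0, &n));
    printf("assigned: %d\n", decode_model(sample, 4, (ptrdiff_t)INT_MAX, 1, &n));
    return 0;
}
```

With `stale` set to 0 the unassigned variant also passes the check, which is why this class of bug can go unnoticed until the stack happens to hold a large value.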