[issue7701] fix output string length for binascii.b2a_uu()

Thu, 14 Jan 2010 03:58:46 -0800 

New submission from STINNER Victor <victor.stin...@haypocalc.com>:

binascii_b2a_uu() estimate the output string length using 2+bin_len*2.
It's almost correct... except for bin_len=1. The result is a memory
write into unallocated memory:

   $ ./python -c "import binascii; binascii.b2a_uu('x')"
   Debug memory block at address p=0x87da568: API 'o'
       33 bytes originally requested
       The 3 pad bytes at p-3 are FORBIDDENBYTE, as expected.
       The 4 pad bytes at tail=0x87da589 are not all FORBIDDENBYTE (0xfb):
           at tail+0: 0x0a *** OUCH
           at tail+1: 0xfb
           at tail+2: 0xfb
           at tail+3: 0xfb
       The block was made by call #25195 to debug malloc/realloc.
       Data at p: 00 00 00 00 00 00 00 00 ... 00 00 00 21 3e 20 20 20
   Fatal Python error: bad trailing pad byte
   Abandon

Current output string length estimation for input string 0..10:

    >>> [len(binascii.b2a_uu("x"*bin_len)) for bin_len in xrange(10)]
    [2, 6, 6, 6, 10, 10, 10, 14, 14, 14]
    >>> [(2+bin_len*2) for bin_len in xrange(10)]
    [2, 4, 6, 8, 10, 12, 14, 16, 18, 20]

The estimation is correct for all lengths... except for bin_len=1. And
it's oversized for bin_len >= 9. The exact length is:

    2+ceil(bin_len*8/6) <=> 2+(bin_len+5)*8//6 <=> 2+(bin_len+2)*4//3

Example with length 0..10:

    >>> [len(binascii.b2a_uu("x"*bin_len)) for bin_len in xrange(10)]
    [2, 6, 6, 6, 10, 10, 10, 14, 14, 14]
    >>> [(2+(bin_len+2)*4//3) for bin_len in xrange(10)]
    [4, 6, 7, 8, 10, 11, 12, 14, 15, 16]

Attached patch uses the correct estimation.

----------
components: Extension Modules
files: binascii_b2a_uu_length.patch
keywords: patch
messages: 97759
nosy: haypo
severity: normal
status: open
title: fix output string length for binascii.b2a_uu()
type: crash
versions: Python 2.6, Python 2.7, Python 3.1, Python 3.2
Added file: http://bugs.python.org/file15871/binascii_b2a_uu_length.patch

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue7701>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to