[issue5389] Uninitialized variable may be used in PyUnicode_DecodeUTF7Stateful()

Guido van Rossum added the comment: OK, submitted. -- resolution: -> fixed status: open -> closed ___ Python tracker ___ ___ Python-b

[issue5389] Uninitialized variable may be used in PyUnicode_DecodeUTF7Stateful()

Martin v. Löwis added the comment: I agree it is technically a security fix, so somebody please feel free to commit it. I will make another 2.5 release when enough of these have accumulated, or something urgent happens, or somebody wants to see a release really badly :-) -- assignee: lo

[issue5389] Uninitialized variable may be used in PyUnicode_DecodeUTF7Stateful()

Guido van Rossum added the comment: Well, this one is technically a security fix, though I have no idea how it could be exploited unless you offer your users a facility to execute arbitrary Python code. ___ Python tracker _

[issue5389] Uninitialized variable may be used in PyUnicode_DecodeUTF7Stateful()

Georg Brandl added the comment: Only with security fixes IIRC. Letting Martin decide. -- assignee: pitrou -> loewis nosy: +loewis ___ Python tracker ___ _

[issue5389] Uninitialized variable may be used in PyUnicode_DecodeUTF7Stateful()

Guido van Rossum added the comment: It looks like it was fixed in 2.6 by adding an assignment to startinpos to this block: else if (SPECIAL(ch,0,0)) { startinpos = s-starts; /* <-- This was added */ errmsg = "unexpected special character"; s++

[issue5389] Uninitialized variable may be used in PyUnicode_DecodeUTF7Stateful()

Marc-Andre Lemburg added the comment: The UTF-7 codec implementation has a few problems (one of them is that it is hardly being used, so bugs only get detected very slowly). issue4426 has a patch with cleaned up and more standards compliant implementation. Perhaps that also fixes the problem wi

[issue5389] Uninitialized variable may be used in PyUnicode_DecodeUTF7Stateful()

Antoine Pitrou added the comment: Hmm, I know nothing about UTF7... Anyway, looking at the code, the utf7Error code path can be called from the following places (trunk line numbers): - line 1595, and startinpos was set three lines before - a bunch of places in the "if (inShift) { ... }" chunk b

[issue5389] Uninitialized variable may be used in PyUnicode_DecodeUTF7Stateful()

Georg Brandl added the comment: I can't see at the moment how the unicode_decode_call_errorhandler call can be made without startinpos being previously set to some value. Antoine, maybe you can verify? -- assignee: -> pitrou nosy: +georg.brandl, pitrou

[issue5389] Uninitialized variable may be used in PyUnicode_DecodeUTF7Stateful()

New submission from Guido van Rossum : [Found by a Googler who prefers to remain anonymous] This might be easier to trigger on a 64-bit: PyObject *PyUnicode_DecodeUTF7Stateful(...) { ... Py_ssize_t startinpos; ... while (s < e) { ... utf7Error: outpos = p-PyUni