From c48f25a0ed8c507f427714af92ae4a845a2d520f Mon Sep 17 00:00:00 2001
From: Pablo Galindo
Date: Fri, 12 Jun 2020 22:16:32 +0100
Subject: [PATCH 1/2] bpo-40958: Avoid buffer overflow in the parser when indexing the current line
---
 Parser/pegen.c | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/Parser/pegen.c b/Parser/pegen.c
index e29910bf86ed59..77dedf529bc7ec 100644
--- a/Parser/pegen.c
+++ b/Parser/pegen.c
@@ -141,19 +141,19 @@ _create_dummy_identifier(Parser *p)
 static inline Py_ssize_t
 byte_offset_to_character_offset(PyObject *line, int col_offset)
 {
- const char *str = PyUnicode_AsUTF8(line);
+ Py_ssize_t linesize;
+ const char *str = PyUnicode_AsUTF8AndSize(line, &linesize);
 if (!str) {
 return 0;
 }
+ if (col_offset > linesize) {
+ col_offset = (int)linesize;
+ }
 PyObject *text = PyUnicode_DecodeUTF8(str, col_offset, "replace");
 if (!text) {
 return 0;
 }
 Py_ssize_t size = PyUnicode_GET_LENGTH(text);
- str = PyUnicode_AsUTF8(text);
- if (str != NULL && (int)strlen(str) == col_offset) {
- size = strlen(str);
- }
 Py_DECREF(text);
 return size;
 }
@@ -400,9 +400,6 @@ _PyPegen_raise_error_known_location(Parser *p, PyObject *errtype,
 if (!error_line) {
 Py_ssize_t size = p->tok->inp - p->tok->buf;
- if (size && p->tok->buf[size-1] == '\n') {
- size--;
- }
 error_line = PyUnicode_DecodeUTF8(p->tok->buf, size, "replace");
 if (!error_line) {
 goto error;
From b854a0ffc7e7f62dfc53d0be45cda35c712643e6 Mon Sep 17 00:00:00 2001
From: Pablo Galindo
Date: Fri, 12 Jun 2020 22:17:57 +0100
Subject: [PATCH 2/2] Add NEWS entry
---
 .../Core and Builtins/2020-06-12-22-17-51.bpo-40958.7O2Wh1.rst | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 Misc/NEWS.d/next/Core and Builtins/2020-06-12-22-17-51.bpo-40958.7O2Wh1.rst
diff --git a/Misc/NEWS.d/next/Core and Builtins/2020-06-12-22-17-51.bpo-40958.7O2Wh1.rst b/Misc/NEWS.d/next/Core and Builtins/2020-06-12-22-17-51.bpo-40958.7O2Wh1.rst
new file mode 100644
index 00000000000000..8e36897948f9b4
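Review bot: In byte_offset_to_character_offset (first hunk of Parser/pegen.c), the new clamp bounds col_offset only from above, so a negative value still reaches PyUnicode_DecodeUTF8 as its length argument. Whether any caller can pass a negative offset is not visible in this hunk, but since the function now sanitizes the index itself, a lower bound next to the upper one would make it self-contained: `if (col_offset < 0) { col_offset = 0; }`. A short comment above the clamp, such as `/* col_offset is a caller-supplied byte offset; never decode past the end of the UTF-8 buffer */`, would also record why the check exists. The function is fully contained in the hunk.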
--- /dev/null
+++ b/Misc/NEWS.d/next/Core and Builtins/2020-06-12-22-17-51.bpo-40958.7O2Wh1.rst
@@ -0,0 +1,2 @@
+Fix a possible buffer overflow in the PEG parser when gathering information
+for emitting syntax errors. Patch by Pablo Galindo.