bounds check for bad data (thanks amaury)

commit: 45c41494bf4992d6c2a0bd1fca3d0dff164ec4ba [log] [tgz]
author: Philip Jenvey <pjenvey@underboss.org> Fri Oct 26 17:01:53 2012 -0700
committer: Philip Jenvey <pjenvey@underboss.org> Fri Oct 26 17:01:53 2012 -0700
tree: a9d7476ad71104566d8b3dc591450cb039f3d90f
parent: a20879ffc8dfebab5b6949bed9b13453c8a6cde3 [diff] [blame]
diff --git a/Python/codecs.c b/Python/codecs.c
index c7f4a9c..90f1cf6 100644
--- a/Python/codecs.c
+++ b/Python/codecs.c

@@ -821,9 +821,10 @@
         /* Try decoding a single surrogate character. If
            there are more, let the codec call us again. */
         p += start;
-        if ((p[0] & 0xf0) == 0xe0 ||
-            (p[1] & 0xc0) == 0x80 ||
-            (p[2] & 0xc0) == 0x80) {
+        if (strlen(p) > 2 &&
+            ((p[0] & 0xf0) == 0xe0 ||
+             (p[1] & 0xc0) == 0x80 ||
+             (p[2] & 0xc0) == 0x80)) {
             /* it's a three-byte code */
             ch = ((p[0] & 0x0f) << 12) + ((p[1] & 0x3f) << 6) + (p[2] & 0x3f);
             if (ch < 0xd800 || ch > 0xdfff)
commit	45c41494bf4992d6c2a0bd1fca3d0dff164ec4ba	[log] [tgz]
author	Philip Jenvey <pjenvey@underboss.org>	Fri Oct 26 17:01:53 2012 -0700
committer	Philip Jenvey <pjenvey@underboss.org>	Fri Oct 26 17:01:53 2012 -0700
tree	a9d7476ad71104566d8b3dc591450cb039f3d90f
parent	a20879ffc8dfebab5b6949bed9b13453c8a6cde3 [diff] [blame]