Issue #24467: Fixed possible buffer over-read in bytearray. The bytearray object now always allocates place for trailing null byte and it's buffer now is always null-terminated.

commit: 7b6e3b91f54e8fafbb1565a7d0999dec4fca783f [log] [tgz]
author: Serhiy Storchaka <storchaka@gmail.com> Mon Jun 29 21:14:06 2015 +0300
committer: Serhiy Storchaka <storchaka@gmail.com> Mon Jun 29 21:14:06 2015 +0300
tree: f77b8bcb146db9321bad69f307df5c5c642d9cad
parent: 50373e6c21e933d2fee7039204bdc51c4475d634 [diff] [blame]
diff --git a/Objects/bytearrayobject.c b/Objects/bytearrayobject.c
index 2e47a1c..15c525c 100644
--- a/Objects/bytearrayobject.c
+++ b/Objects/bytearrayobject.c

@@ -854,8 +854,10 @@
             goto error;
 
         /* Append the byte */
-        if (Py_SIZE(self) < self->ob_alloc)
+        if (Py_SIZE(self) + 1 < self->ob_alloc) {
             Py_SIZE(self)++;
+            PyByteArray_AS_STRING(self)[Py_SIZE(self)] = '\0';
+        }
         else if (PyByteArray_Resize((PyObject *)self, Py_SIZE(self)+1) < 0)
             goto error;
         PyByteArray_AS_STRING(self)[Py_SIZE(self)-1] = value;
commit	7b6e3b91f54e8fafbb1565a7d0999dec4fca783f	[log] [tgz]
author	Serhiy Storchaka <storchaka@gmail.com>	Mon Jun 29 21:14:06 2015 +0300
committer	Serhiy Storchaka <storchaka@gmail.com>	Mon Jun 29 21:14:06 2015 +0300
tree	f77b8bcb146db9321bad69f307df5c5c642d9cad
parent	50373e6c21e933d2fee7039204bdc51c4475d634 [diff] [blame]