Issue #24467: Fixed possible buffer over-read in bytearray. The bytearray
object now always allocates place for trailing null byte and it's buffer now
is always null-terminated.
diff --git a/Objects/bytearrayobject.c b/Objects/bytearrayobject.c
index 2e47a1c..15c525c 100644
--- a/Objects/bytearrayobject.c
+++ b/Objects/bytearrayobject.c
@@ -854,8 +854,10 @@
goto error;
/* Append the byte */
- if (Py_SIZE(self) < self->ob_alloc)
+ if (Py_SIZE(self) + 1 < self->ob_alloc) {
Py_SIZE(self)++;
+ PyByteArray_AS_STRING(self)[Py_SIZE(self)] = '\0';
+ }
else if (PyByteArray_Resize((PyObject *)self, Py_SIZE(self)+1) < 0)
goto error;
PyByteArray_AS_STRING(self)[Py_SIZE(self)-1] = value;