Merged revisions 73871 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk
........
r73871 | alexandre.vassalotti | 2009-07-06 22:17:30 -0400 (Mon, 06 Jul 2009) | 7 lines
Grow the allocated buffer in PyUnicode_EncodeUTF7 to avoid buffer overrun.
Without this change, test_unicode.UnicodeTest.test_codecs_utf7 crashes in
debug mode. What happens is the unicode string u'\U000abcde' with a length
of 1 encodes to the string '+2m/c3g-' of length 8. Since only 5 bytes is
reserved in the buffer, a buffer overrun occurs.
........
diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
index 305289b..758d054 100644
--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c
@@ -2044,7 +2044,7 @@
{
PyObject *v;
/* It might be possible to tighten this worst case */
- Py_ssize_t allocated = 5 * size;
+ Py_ssize_t allocated = 8 * size;
int inShift = 0;
Py_ssize_t i = 0;
unsigned int base64bits = 0;
@@ -2055,7 +2055,7 @@
if (size == 0)
return PyBytes_FromStringAndSize(NULL, 0);
- if (allocated / 5 != size)
+ if (allocated / 8 != size)
return PyErr_NoMemory();
v = PyBytes_FromStringAndSize(NULL, allocated);