Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit ef51767

Browse files
serhiy-storchakaserhiy-storchaka
committed
Issue #29444: Fixed out-of-bounds buffer access in the group() method of
the match object. Based on patch by WGH.
2 parents 2658178 + 86e4237 commit ef51767

3 files changed

Lines changed: 20 additions & 2 deletions

File tree

Lib/test/test_re.py

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1821,6 +1821,16 @@ def test_pattern_compare_bytes(self):
18211821
warnings.simplefilter('error', BytesWarning)
18221822
self.assertNotEqual(pattern3, pattern1)
18231823

1824+
def test_bug_29444(self):
1825+
s = bytearray(b'abcdefgh')
1826+
m = re.search(b'[a-h]+', s)
1827+
m2 = re.search(b'[e-h]+', s)
1828+
self.assertEqual(m.group(), b'abcdefgh')
1829+
self.assertEqual(m2.group(), b'efgh')
1830+
s[:] = b'xyz'
1831+
self.assertEqual(m.group(), b'xyz')
1832+
self.assertEqual(m2.group(), b'')
1833+
18241834

18251835
class PatternReprTests(unittest.TestCase):
18261836
def check(self, pattern, expected):

Misc/NEWS

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -223,6 +223,9 @@ Extension Modules
223223
Library
224224
-------
225225

226+
- Issue #29444: Fixed out-of-bounds buffer access in the group() method of
227+
the match object. Based on patch by WGH.
228+
226229
- Issue #29377: Add SlotWrapperType, MethodWrapperType, and
227230
MethodDescriptorType built-in types to types module.
228231
Original patch by Manuel Krebber.

Modules/_sre.c

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1945,6 +1945,7 @@ match_getslice_by_index(MatchObject* self, Py_ssize_t index, PyObject* def)
19451945
Py_buffer view;
19461946
PyObject *result;
19471947
void* ptr;
1948+
Py_ssize_t i, j;
19481949

19491950
if (index < 0 || index >= self->groups) {
19501951
/* raise IndexError if we were given a bad group number */
@@ -1966,8 +1967,12 @@ match_getslice_by_index(MatchObject* self, Py_ssize_t index, PyObject* def)
19661967
ptr = getstring(self->string, &length, &isbytes, &charsize, &view);
19671968
if (ptr == NULL)
19681969
return NULL;
1969-
result = getslice(isbytes, ptr,
1970-
self->string, self->mark[index], self->mark[index+1]);
1970+
1971+
i = self->mark[index];
1972+
j = self->mark[index+1];
1973+
i = Py_MIN(i, length);
1974+
j = Py_MIN(j, length);
1975+
result = getslice(isbytes, ptr, self->string, i, j);
19711976
if (isbytes && view.buf != NULL)
19721977
PyBuffer_Release(&view);
19731978
return result;

0 commit comments

Comments
 (0)