From e707f5dcc03652951fb01ebbd7ca24626eacd950 Mon Sep 17 00:00:00 2001 From: Brian Schubert Date: Thu, 19 Sep 2024 10:47:39 -0400 Subject: [PATCH 1/5] Fix handling of 0p fields in struct --- Lib/test/test_struct.py | 9 +++++++++ ...024-09-19-11-47-39.gh-issue-124248.g7rufd.rst | 2 ++ Modules/_struct.c | 16 ++++++++++++---- 3 files changed, 23 insertions(+), 4 deletions(-) create mode 100644 Misc/NEWS.d/next/Library/2024-09-19-11-47-39.gh-issue-124248.g7rufd.rst diff --git a/Lib/test/test_struct.py b/Lib/test/test_struct.py index 5508cc3eec85c8..bdbf8800cfd8f6 100644 --- a/Lib/test/test_struct.py +++ b/Lib/test/test_struct.py @@ -96,6 +96,13 @@ def test_new_features(self): ('10s', b'helloworld', b'helloworld', b'helloworld', 0), ('11s', b'helloworld', b'helloworld\0', b'helloworld\0', 1), ('20s', b'helloworld', b'helloworld'+10*b'\0', b'helloworld'+10*b'\0', 1), + ('0p', b'helloworld', b'', b'', 1), + ('1p', b'helloworld', b'\x00', b'\x00', 1), + ('2p', b'helloworld', b'\x01h', b'\x01h', 1), + ('10p', b'helloworld', b'\x09helloworl', b'\x09helloworl', 1), + ('11p', b'helloworld', b'\x0Ahelloworld', b'\x0Ahelloworld', 0), + ('12p', b'helloworld', b'\x0Ahelloworld\0', b'\x0Ahelloworld\0', 1), + ('20p', b'helloworld', b'\x0Ahelloworld'+9*b'\0', b'\x0Ahelloworld'+9*b'\0', 1), ('b', 7, b'\7', b'\7', 0), ('b', -7, b'\371', b'\371', 0), ('B', 7, b'\7', b'\7', 0), @@ -339,6 +346,7 @@ def assertStructError(func, *args, **kwargs): def test_p_code(self): # Test p ("Pascal string") code. for code, input, expected, expectedback in [ + ('0p', b'abc', b'', b''), ('p', b'abc', b'\x00', b''), ('1p', b'abc', b'\x00', b''), ('2p', b'abc', b'\x01a', b'a'), @@ -580,6 +588,7 @@ def test__sizeof__(self): self.check_sizeof('187s', 1) self.check_sizeof('20p', 1) self.check_sizeof('0s', 1) + self.check_sizeof('0p', 1) self.check_sizeof('0c', 0) def test_boundary_error_message(self): diff --git a/Misc/NEWS.d/next/Library/2024-09-19-11-47-39.gh-issue-124248.g7rufd.rst b/Misc/NEWS.d/next/Library/2024-09-19-11-47-39.gh-issue-124248.g7rufd.rst new file mode 100644 index 00000000000000..90d06d93ce5074 --- /dev/null +++ b/Misc/NEWS.d/next/Library/2024-09-19-11-47-39.gh-issue-124248.g7rufd.rst @@ -0,0 +1,2 @@ +Fixed potential crash when using ``struct.pack`` and ``struct.unpack`` +to process zero-width 'Pascal string' fields (``0p``). diff --git a/Modules/_struct.c b/Modules/_struct.c index f744193469e2dc..32dca4b1e83524 100644 --- a/Modules/_struct.c +++ b/Modules/_struct.c @@ -1669,9 +1669,14 @@ s_unpack_internal(PyStructObject *soself, const char *startfrom, if (e->format == 's') { v = PyBytes_FromStringAndSize(res, code->size); } else if (e->format == 'p') { - Py_ssize_t n = *(unsigned char*)res; - if (n >= code->size) - n = code->size - 1; + Py_ssize_t n; + if (code->size == 0) { + n = 0; + } else { + n = *(unsigned char*)res; + if (n >= code->size) + n = code->size - 1; + } v = PyBytes_FromStringAndSize(res + 1, n); } else { v = e->unpack(state, res, e); @@ -1982,8 +1987,11 @@ s_pack_internal(PyStructObject *soself, PyObject *const *args, int offset, n = PyByteArray_GET_SIZE(v); p = PyByteArray_AS_STRING(v); } - if (n > (code->size - 1)) + if (code->size == 0) { + n = 0; + } else if (n > (code->size - 1)) { n = code->size - 1; + } if (n > 0) memcpy(res + 1, p, n); if (n > 255) From 55c3e1b448695d430eab475db71026e5af93d0be Mon Sep 17 00:00:00 2001 From: Brian Schubert Date: Thu, 19 Sep 2024 12:57:13 -0400 Subject: [PATCH 2/5] Use PEP 7 braces --- Modules/_struct.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Modules/_struct.c b/Modules/_struct.c index 32dca4b1e83524..9857ed7eae9543 100644 --- a/Modules/_struct.c +++ b/Modules/_struct.c @@ -1674,8 +1674,9 @@ s_unpack_internal(PyStructObject *soself, const char *startfrom, n = 0; } else { n = *(unsigned char*)res; - if (n >= code->size) + if (n >= code->size) { n = code->size - 1; + } } v = PyBytes_FromStringAndSize(res + 1, n); } else { From e0ce3ecd89797bad9607dc4e47a91fab862b0ea0 Mon Sep 17 00:00:00 2001 From: Brian Schubert Date: Thu, 19 Sep 2024 13:15:30 -0400 Subject: [PATCH 3/5] Update NEWS --- .../Library/2024-09-19-11-47-39.gh-issue-124248.g7rufd.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Misc/NEWS.d/next/Library/2024-09-19-11-47-39.gh-issue-124248.g7rufd.rst b/Misc/NEWS.d/next/Library/2024-09-19-11-47-39.gh-issue-124248.g7rufd.rst index 90d06d93ce5074..1bd333f485a2ab 100644 --- a/Misc/NEWS.d/next/Library/2024-09-19-11-47-39.gh-issue-124248.g7rufd.rst +++ b/Misc/NEWS.d/next/Library/2024-09-19-11-47-39.gh-issue-124248.g7rufd.rst @@ -1,2 +1,2 @@ -Fixed potential crash when using ``struct.pack`` and ``struct.unpack`` -to process zero-width 'Pascal string' fields (``0p``). +Fixed potential crash when using :mod:`struct` to process zero-width +'Pascal string' fields (``0p``). From 7346b0da547a5a817f33e6f70fde4327987417cb Mon Sep 17 00:00:00 2001 From: Brian Schubert Date: Thu, 19 Sep 2024 13:54:23 -0400 Subject: [PATCH 4/5] Update ACKS --- Misc/ACKS | 1 + 1 file changed, 1 insertion(+) diff --git a/Misc/ACKS b/Misc/ACKS index b031eb7c11f73f..2db17adcc2ee66 100644 --- a/Misc/ACKS +++ b/Misc/ACKS @@ -1653,6 +1653,7 @@ Scott Schram Robin Schreiber Chad J. Schroeder Simon-Martin Schroeder +Brian Schubert Christian Schubert Sam Schulenburg Andreas Schwab From 0f78c80f6b53ed64455777d97dd7125859191d4a Mon Sep 17 00:00:00 2001 From: Brian Schubert Date: Thu, 19 Sep 2024 13:55:59 -0400 Subject: [PATCH 5/5] Fix PEP 7 brace style --- Modules/_struct.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Modules/_struct.c b/Modules/_struct.c index 9857ed7eae9543..2ae5060ba34163 100644 --- a/Modules/_struct.c +++ b/Modules/_struct.c @@ -1672,7 +1672,8 @@ s_unpack_internal(PyStructObject *soself, const char *startfrom, Py_ssize_t n; if (code->size == 0) { n = 0; - } else { + } + else { n = *(unsigned char*)res; if (n >= code->size) { n = code->size - 1; @@ -1990,7 +1991,8 @@ s_pack_internal(PyStructObject *soself, PyObject *const *args, int offset, } if (code->size == 0) { n = 0; - } else if (n > (code->size - 1)) { + } + else if (n > (code->size - 1)) { n = code->size - 1; } if (n > 0)