File CVE-2014-7185-buffer-wraparound.patch of Package python.144

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2014-7185-buffer-wraparound.patch of Package python.144

# HG changeset patch
# User Benjamin Peterson <benjamin@python.org>
# Date 1403579547 25200
# Node ID 8d963c7db507be561e26bbbb852e3a2be3327c3f
# Parent  8e0b7393e921fb5e05c40265f9272dec90512ef6
avoid overflow with large buffer sizes and/or offsets (closes #21831)

Index: Python-2.7.7/Lib/test/test_buffer.py
===================================================================
--- Python-2.7.7.orig/Lib/test/test_buffer.py	2014-05-31 20:58:39.000000000 +0200
+++ Python-2.7.7/Lib/test/test_buffer.py	2014-10-01 15:47:38.251260041 +0200
@@ -4,6 +4,7 @@
 
 """
 
+import sys
 import unittest
 from test import test_support
 
@@ -29,6 +30,11 @@
         m = memoryview(b) # Should not raise an exception
         self.assertEqual(m.tobytes(), s)
 
+    def test_large_buffer_size_and_offset(self):
+        data = bytearray('hola mundo')
+        buf = buffer(data, sys.maxsize, sys.maxsize)
+        self.assertEqual(buf[:4096], "")
+
 
 def test_main():
     with test_support.check_py3k_warnings(("buffer.. not supported",
Index: Python-2.7.7/Objects/bufferobject.c
===================================================================
--- Python-2.7.7.orig/Objects/bufferobject.c	2014-05-31 20:58:40.000000000 +0200
+++ Python-2.7.7/Objects/bufferobject.c	2014-10-01 15:47:38.251260041 +0200
@@ -88,7 +88,7 @@
             *size = count;
         else
             *size = self->b_size;
-        if (offset + *size > count)
+        if (*size > count - offset)
             *size = count - offset;
     }
     return 1;

Places

File CVE-2014-7185-buffer-wraparound.patch of Package python.144

Places