New submission from yiyuaner <[email protected]>:
In the file Objects/unicodeobject.c, we have the following code:
static PyObject*
resize_compact(PyObject *unicode, Py_ssize_t length) {
...
char_size = PyUnicode_KIND(unicode);
...
if (length > ((PY_SSIZE_T_MAX - struct_size) / char_size - 1)) {
PyErr_NoMemory();
return NULL;
}
}
However, PyUnicode_KIND may return 0 if the variable unicode has kind
PyUnicode_WCHAR_KIND, leading to a divide by zero problem.
The same pattern is also used without checking in function "static int
resize_inplace(PyObject *unicode, Py_ssize_t length)".
Here is the link to the code location:
https://github.com/python/cpython/blob/main/Objects/unicodeobject.c#L1045
Should we add an explicit check on variable char_size before using it in
division?
----------
components: Unicode
messages: 393188
nosy: ezio.melotti, vstinner, yiyuaner
priority: normal
severity: normal
status: open
title: Possible divide by zero problems
type: behavior
versions: Python 3.11
_______________________________________
Python tracker <[email protected]>
<https://bugs.python.org/issue44068>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
