[Python-checkins] [3.12] gh-104282: Fix null pointer dereference in `lzma._decode_filter_properties` (GH-104283) (GH-114181)

Wed, 17 Jan 2024 05:31:48 -0800 

https://github.com/python/cpython/commit/00e77935193221f1601405587b9ec05c14c13284
commit: 00e77935193221f1601405587b9ec05c14c13284
branch: 3.12
author: Miss Islington (bot) <[email protected]>
committer: serhiy-storchaka <[email protected]>
date: 2024-01-17T13:31:33Z
summary:

[3.12] gh-104282: Fix null pointer dereference in 
`lzma._decode_filter_properties` (GH-104283) (GH-114181)

(cherry picked from commit 0154405350c272833bd51f68138223655e142a37)

Co-authored-by: Radislav Chugunov <[email protected]>

files:
A Misc/NEWS.d/next/Library/2023-05-08-09-30-00.gh-issue-104282.h4c6Eb.rst
M Lib/test/test_lzma.py
M Modules/_lzmamodule.c

diff --git a/Lib/test/test_lzma.py b/Lib/test/test_lzma.py
index 13b200912f6abd..65e6488c5d7b10 100644
--- a/Lib/test/test_lzma.py
+++ b/Lib/test/test_lzma.py
@@ -1401,6 +1401,14 @@ def test__decode_filter_properties(self):
         self.assertEqual(filterspec["lc"], 3)
         self.assertEqual(filterspec["dict_size"], 8 << 20)
 
+        # see gh-104282
+        filters = [lzma.FILTER_X86, lzma.FILTER_POWERPC,
+                   lzma.FILTER_IA64, lzma.FILTER_ARM,
+                   lzma.FILTER_ARMTHUMB, lzma.FILTER_SPARC]
+        for f in filters:
+            filterspec = lzma._decode_filter_properties(f, b"")
+            self.assertEqual(filterspec, {"id": f})
+
     def test_filter_properties_roundtrip(self):
         spec1 = lzma._decode_filter_properties(
                 lzma.FILTER_LZMA1, b"]\x00\x00\x80\x00")
diff --git 
a/Misc/NEWS.d/next/Library/2023-05-08-09-30-00.gh-issue-104282.h4c6Eb.rst 
b/Misc/NEWS.d/next/Library/2023-05-08-09-30-00.gh-issue-104282.h4c6Eb.rst
new file mode 100644
index 00000000000000..569ce66a5b9d5f
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2023-05-08-09-30-00.gh-issue-104282.h4c6Eb.rst
@@ -0,0 +1,3 @@
+Fix null pointer dereference in :func:`lzma._decode_filter_properties`
+due to improper handling of BCJ filters with properties of zero length.
+Patch by Radislav Chugunov.
diff --git a/Modules/_lzmamodule.c b/Modules/_lzmamodule.c
index e34fbad230d51a..7bbd6569aa2e44 100644
--- a/Modules/_lzmamodule.c
+++ b/Modules/_lzmamodule.c
@@ -494,7 +494,9 @@ build_filter_spec(const lzma_filter *f)
         case LZMA_FILTER_ARMTHUMB:
         case LZMA_FILTER_SPARC: {
             lzma_options_bcj *options = f->options;
-            ADD_FIELD(options, start_offset);
+            if (options) {
+                ADD_FIELD(options, start_offset);
+            }
             break;
         }
         default:

_______________________________________________
Python-checkins mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/python-checkins.python.org/
Member address: [email protected]

Reply via email to