https://github.com/python/cpython/commit/d1f6b392e466ede5e4501d33606601eacdd6cae7 commit: d1f6b392e466ede5e4501d33606601eacdd6cae7 branch: 3.13 author: Miss Islington (bot) <[email protected]> committer: encukou <[email protected]> date: 2025-09-24T13:48:08+02:00 summary:
[3.13] gh-130567: Fix possible crash in locale.strxfrm() (GH-138940) (GH-139266) On some macOS versions there was an off-by-one error in wcsxfrm() which caused writing past the end of the array if its size was not calculated by running wcsxfrm() first. (cherry picked from commit 5854cf38a25ab8b0c6ab0296098166014f77caa3) Co-authored-by: Serhiy Storchaka <[email protected]> Co-authored-by: Ronald Oussoren <[email protected]> files: A Misc/NEWS.d/next/Library/2025-09-15-19-29-12.gh-issue-130567.shDEnT.rst M Modules/_localemodule.c diff --git a/Misc/NEWS.d/next/Library/2025-09-15-19-29-12.gh-issue-130567.shDEnT.rst b/Misc/NEWS.d/next/Library/2025-09-15-19-29-12.gh-issue-130567.shDEnT.rst new file mode 100644 index 00000000000000..c194b2331e5f4a --- /dev/null +++ b/Misc/NEWS.d/next/Library/2025-09-15-19-29-12.gh-issue-130567.shDEnT.rst @@ -0,0 +1,2 @@ +Fix possible crash in :func:`locale.strxfrm` due to a platform bug on +macOS. diff --git a/Modules/_localemodule.c b/Modules/_localemodule.c index 85d9062c0627f5..0af5a26f4bc461 100644 --- a/Modules/_localemodule.c +++ b/Modules/_localemodule.c @@ -446,7 +446,9 @@ _locale_strxfrm_impl(PyObject *module, PyObject *str) /* assume no change in size, first */ n1 = n1 + 1; - buf = PyMem_New(wchar_t, n1); + /* Yet another +1 is needed to work around a platform bug in wcsxfrm() + * on macOS. See gh-130567. */ + buf = PyMem_New(wchar_t, n1+1); if (!buf) { PyErr_NoMemory(); goto exit; _______________________________________________ Python-checkins mailing list -- [email protected] To unsubscribe send an email to [email protected] https://mail.python.org/mailman3//lists/python-checkins.python.org Member address: [email protected]
