https://github.com/python/cpython/commit/e98936171b994c6218fb56bcf1bc414e94704fcc commit: e98936171b994c6218fb56bcf1bc414e94704fcc branch: 3.13 author: Miss Islington (bot) <[email protected]> committer: vstinner <[email protected]> date: 2026-03-12T11:21:43Z summary:
[3.13] gh-140594: Fix an out of bounds read when feeding NUL byte to PyOS_StdioReadline() (GH-140910) (#145853) gh-140594: Fix an out of bounds read when feeding NUL byte to PyOS_StdioReadline() (GH-140910) (cherry picked from commit 86a0756234df7ce42fa4731c91067cb7f2e244d5) Co-authored-by: Shamil <[email protected]> Co-authored-by: Bénédikt Tran <[email protected]> Co-authored-by: Victor Stinner <[email protected]> files: A Misc/NEWS.d/next/Core_and_Builtins/2025-11-02-16-23-17.gh-issue-140594.YIWUpl.rst M Lib/test/test_cmd_line.py M Parser/myreadline.c diff --git a/Lib/test/test_cmd_line.py b/Lib/test/test_cmd_line.py index dc420f33c233af..9623d0c0b52f2c 100644 --- a/Lib/test/test_cmd_line.py +++ b/Lib/test/test_cmd_line.py @@ -195,6 +195,14 @@ def test_run_module_bug1764407(self): self.assertTrue(data.find(b'1 loop') != -1) self.assertTrue(data.find(b'__main__.Timer') != -1) + @support.cpython_only + def test_null_byte_in_interactive_mode(self): + # gh-140594: Fix an out of bounds read when a single NUL character + # is read from the standard input in interactive mode. + proc = spawn_python('-i') + proc.communicate(b'\x00', timeout=support.SHORT_TIMEOUT) + self.assertEqual(proc.returncode, 0) + def test_relativedir_bug46421(self): # Test `python -m unittest` with a relative directory beginning with ./ # Note: We have to switch to the project's top module's directory, as per diff --git a/Misc/NEWS.d/next/Core_and_Builtins/2025-11-02-16-23-17.gh-issue-140594.YIWUpl.rst b/Misc/NEWS.d/next/Core_and_Builtins/2025-11-02-16-23-17.gh-issue-140594.YIWUpl.rst new file mode 100644 index 00000000000000..aa126e7e25bba7 --- /dev/null +++ b/Misc/NEWS.d/next/Core_and_Builtins/2025-11-02-16-23-17.gh-issue-140594.YIWUpl.rst @@ -0,0 +1,2 @@ +Fix an out of bounds read when a single NUL character is read from the standard input. +Patch by Shamil Abdulaev. diff --git a/Parser/myreadline.c b/Parser/myreadline.c index 74c44ff77717f5..1e49800329ce17 100644 --- a/Parser/myreadline.c +++ b/Parser/myreadline.c @@ -342,7 +342,7 @@ PyOS_StdioReadline(FILE *sys_stdin, FILE *sys_stdout, const char *prompt) break; } n += strlen(p + n); - } while (p[n-1] != '\n'); + } while (n == 0 || p[n-1] != '\n'); pr = (char *)PyMem_RawRealloc(p, n+1); if (pr == NULL) { _______________________________________________ Python-checkins mailing list -- [email protected] To unsubscribe send an email to [email protected] https://mail.python.org/mailman3//lists/python-checkins.python.org Member address: [email protected]
