https://github.com/python/cpython/commit/0c6d2f64c0c83e7652760f770ff0c5cdc5040426
commit: 0c6d2f64c0c83e7652760f770ff0c5cdc5040426
branch: main
author: Maurycy Pawłowski-Wieroński <[email protected]>
committer: serhiy-storchaka <[email protected]>
date: 2026-05-04T12:40:52+03:00
summary:
gh-148093: Raise binascii.Error from binascii.a2b_uu() on empty input
(GH-149077)
Instead of reading past the end of the empty buffer.
files:
A Misc/NEWS.d/next/Library/2026-04-27-22-34-09.gh-issue-148093.9pWceM.rst
M Lib/test/test_binascii.py
M Modules/binascii.c
diff --git a/Lib/test/test_binascii.py b/Lib/test/test_binascii.py
index 6991e2ef6815e3..cedbdc61f18f34 100644
--- a/Lib/test/test_binascii.py
+++ b/Lib/test/test_binascii.py
@@ -1306,6 +1306,10 @@ def test_uu(self):
self.assertEqual(binascii.a2b_uu(b"\xff"), b"\x00"*31)
self.assertRaises(binascii.Error, binascii.a2b_uu, b"\xff\x00")
self.assertRaises(binascii.Error, binascii.a2b_uu, b"!!!!")
+ self.assertRaises(binascii.Error, binascii.a2b_uu,
+ self.type2test(b""))
+ self.assertRaises(binascii.Error, binascii.a2b_uu,
+ self.type2test(b"#86)C")[:0])
self.assertRaises(binascii.Error, binascii.b2a_uu, 46*b"!")
# Issue #7701 (crash on a pydebug build)
@@ -1522,6 +1526,9 @@ def test_empty_string(self):
binascii.crc_hqx(empty, 0)
continue
f = getattr(binascii, func)
+ if func == 'a2b_uu':
+ self.assertRaises(binascii.Error, f, empty)
+ continue
try:
f(empty)
except Exception as err:
diff --git
a/Misc/NEWS.d/next/Library/2026-04-27-22-34-09.gh-issue-148093.9pWceM.rst
b/Misc/NEWS.d/next/Library/2026-04-27-22-34-09.gh-issue-148093.9pWceM.rst
new file mode 100644
index 00000000000000..9418044201f8bd
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2026-04-27-22-34-09.gh-issue-148093.9pWceM.rst
@@ -0,0 +1,2 @@
+Fix an out-of-bounds read of one byte in :func:`binascii.a2b_uu`. Raise
+:exc:`binascii.Error`, instead of reading past the buffer end.
diff --git a/Modules/binascii.c b/Modules/binascii.c
index 7e6e9655f8d498..673dca6ee134bd 100644
--- a/Modules/binascii.c
+++ b/Modules/binascii.c
@@ -508,6 +508,14 @@ binascii_a2b_uu_impl(PyObject *module, Py_buffer *data)
assert(ascii_len >= 0);
/* First byte: binary data length (in bytes) */
+ if (ascii_len == 0) {
+ state = get_binascii_state(module);
+ if (state == NULL) {
+ return NULL;
+ }
+ PyErr_SetString(state->Error, "Missing length byte");
+ return NULL;
+ }
bin_len = (*ascii_data++ - ' ') & 077;
ascii_len--;
_______________________________________________
Python-checkins mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3//lists/python-checkins.python.org
Member address: [email protected]
