[issue46704] Parser API not checking for null-terminator

2022-02-12 Thread Pablo Galindo Salgado
Pablo Galindo Salgado added the comment: Closing as not a bug. Please, feel free to reopen if we missed something. Thanks for the report! -- resolution: -> not a bug stage: -> resolved status: open -> closed ___ Python tracker

[issue46704] Parser API not checking for null-terminator

2022-02-09 Thread Pablo Galindo Salgado
Pablo Galindo Salgado added the comment: The contract of that interface is to receive null-terminated strings, so I am a bit clueless on how this could receive a non-null terminated string. Notice that calling PyRun_StringFlags with a non-null terminated string is out of contract.

[issue46704] Parser API not checking for null-terminator

2022-02-09 Thread Pablo Galindo Salgado
Change by Pablo Galindo Salgado : -- Removed message: https://bugs.python.org/msg412970 ___ Python tracker ___ ___ Python-bugs-list

[issue46704] Parser API not checking for null-terminator

2022-02-09 Thread Pablo Galindo Salgado
Pablo Galindo Salgado added the comment: The contract of that interface is to receive null-terminated strings, so I am a bit clueless on how this could receive a non-null terminated string. Notice that calling CompileCode with a non-null terminated string is out of contract. --

[issue46704] Parser API not checking for null-terminator

2022-02-09 Thread Pablo Galindo Salgado
Pablo Galindo Salgado added the comment: Could you please provide an example input to reproduce this? -- ___ Python tracker ___

[issue46704] Parser API not checking for null-terminator

2022-02-09 Thread anthony shaw
New submission from anthony shaw : In tokenizer.c, the translate_newlines() function does a `strlen()` on the input string, if the string is not null-terminated, e.g. '\xbe' this leads to a heap-buffer-overflow. The overflow is not exploitable, but if there are further changes to the parser,