[issue14579] CVE-2012-2135: Vulnerability in the utf-16 decoder after error handling

2012-07-21 Thread Serhiy Storchaka
Serhiy Storchaka storch...@gmail.com added the comment:
> There are spurious print() calls in the 2.7 patch.
Oh, my inattentiveness. Thank you for pushing, Antoine. And thanks to Martin for the review.

[issue14579] CVE-2012-2135: Vulnerability in the utf-16 decoder after error handling

2012-07-20 Thread Antoine Pitrou
Antoine Pitrou pit...@free.fr added the comment: There are spurious print() calls in the 2.7 patch.

[issue14579] CVE-2012-2135: Vulnerability in the utf-16 decoder after error handling

2012-07-20 Thread Antoine Pitrou
Changes by Antoine Pitrou pit...@free.fr: stage: test needed -> commit review

[issue14579] CVE-2012-2135: Vulnerability in the utf-16 decoder after error handling

2012-07-20 Thread Roundup Robot
Roundup Robot devn...@psf.upfronthosting.co.za added the comment: New changeset 034ff986019d by Antoine Pitrou in branch '3.2': Issue #14579: Fix CVE-2012-2135: vulnerability in the utf-16 decoder after error handling. http://hg.python.org/cpython/rev/034ff986019d New changeset 118fe0ee6921 by

[issue14579] CVE-2012-2135: Vulnerability in the utf-16 decoder after error handling

2012-07-20 Thread Roundup Robot
Roundup Robot devn...@psf.upfronthosting.co.za added the comment: New changeset 4cadf91aaddd by Antoine Pitrou in branch '2.7': Issue #14579: Fix error handling bug in the utf-16 decoder. http://hg.python.org/cpython/rev/4cadf91aaddd

[issue14579] CVE-2012-2135: Vulnerability in the utf-16 decoder after error handling

2012-07-20 Thread Antoine Pitrou
Antoine Pitrou pit...@free.fr added the comment: Thanks for the patches, Serhiy! They're now pushed. -- resolution: -> fixed; stage: commit review -> committed/rejected; status: open -> closed

[issue14579] CVE-2012-2135: Vulnerability in the utf-16 decoder after error handling

2012-07-17 Thread Serhiy Storchaka
Serhiy Storchaka storch...@gmail.com added the comment: Please, can anyone do a final review and commit? Here are three patches for three Python versions: 2.7: utf16_error_handling-2.7.patch. Fix for one minor bug (overreading) and tests. 3.2: utf16_error_handling-3.2_4.patch. Fix for one

[issue14579] CVE-2012-2135: Vulnerability in the utf-16 decoder after error handling

2012-07-17 Thread Serhiy Storchaka
Changes by Serhiy Storchaka storch...@gmail.com: components: +Interpreter Core, Unicode; versions: +Python 2.7 -Python 3.1

[issue14579] CVE-2012-2135: Vulnerability in the utf-16 decoder after error handling

2012-04-27 Thread Georg Brandl
Changes by Georg Brandl ge...@python.org: nosy: +georg.brandl

[issue14579] CVE-2012-2135: Vulnerability in the utf-16 decoder after error handling

2012-04-26 Thread STINNER Victor
STINNER Victor victor.stin...@gmail.com added the comment: I ran tests of utf16_error_handling-3.2_4.patch on Python 3.1. Two tests are failing: - b'\x00\xd8'.decode('utf-16le', 'replace')='\ufffd\ufffd' != '\ufffd' - b'\xd8\x00'.decode('utf-16be', 'replace')='\ufffd\ufffd' != '\ufffd' I

[issue14579] CVE-2012-2135: Vulnerability in the utf-16 decoder after error handling

2012-04-26 Thread Antoine Pitrou
Antoine Pitrou pit...@free.fr added the comment: I ran tests of utf16_error_handling-3.2_4.patch on Python 3.1. Two tests are failing: - b'\x00\xd8'.decode('utf-16le', 'replace')='\ufffd\ufffd' != '\ufffd' - b'\xd8\x00'.decode('utf-16be', 'replace')='\ufffd\ufffd' != '\ufffd' I don't

[issue14579] CVE-2012-2135: Vulnerability in the utf-16 decoder after error handling

2012-04-26 Thread Martin v . Löwis
Martin v. Löwis mar...@v.loewis.de added the comment: UTF-16 units are 16-bit words, not bytes, so '\ud' sounds correct to me. You resynchronize on the word boundary: the invalid word is skipped. I agree. The only odd case is when the number of bytes is not even (pun intended). In that

[issue14579] CVE-2012-2135: Vulnerability in the utf-16 decoder after error handling

2012-04-25 Thread Martin v . Löwis
Changes by Martin v. Löwis mar...@v.loewis.de: title: Vulnerability in the utf-16 decoder after error handling -> CVE-2012-2135: Vulnerability in the utf-16 decoder after error handling