Modules/cjkcodecs/_codecs_iso2022.c - read out of bounds #101180

stasos24 · 2023-01-20T07:58:02Z

Bug report

==2729==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffef35c8f14 at pc 0x7f3e0254c47c bp 0x7ffef35c8e50 sp 0x7ffef35c8e48
READ of size 4 at 0x7ffef35c8f14 thread T0
    #0 0x7f3e0254c47b in jisx0213_encoder Modules/cjkcodecs/_codecs_iso2022.c:808
    #1 0x7f3e0254c47b in jisx0213_2004_1_encoder_paironly Modules/cjkcodecs/_codecs_iso2022.c:894
    #2 0x7f3e025469a9 in iso2022_encode Modules/cjkcodecs/_codecs_iso2022.c:196
    #3 0x7f3e02536457 in multibytecodec_encode Modules/cjkcodecs/multibytecodec.c:523
    #4 0x7f3e0253829e in _multibytecodec_MultibyteCodec_encode_impl Modules/cjkcodecs/multibytecodec.c:620
    #5 0x7f3e0253829e in _multibytecodec_MultibyteCodec_encode Modules/cjkcodecs/clinic/multibytecodec.c.h:91
    #6 0x55e4cc690361 in cfunction_vectorcall_FASTCALL_KEYWORDS Objects/methodobject.c:438
    #7 0x55e4cc5b029e in PyObject_Call (/home/kali/Downloads/cpython/python+0x3e629e)
    #8 0x55e4cc841026 in _PyCodec_EncodeInternal Python/codecs.c:419
    #9 0x55e4cc9cb18f in _codecs_encode_impl Modules/_codecsmodule.c:132
    #10 0x55e4cc9cb18f in _codecs_encode Modules/clinic/_codecsmodule.c.h:166
    #11 0x55e4cc690361 in cfunction_vectorcall_FASTCALL_KEYWORDS Objects/methodobject.c:438
    #12 0x55e4cc5af6bf in _PyObject_VectorcallTstate Include/internal/pycore_call.h:92
    #13 0x55e4cc5af6bf in PyObject_Vectorcall Objects/call.c:301
    #14 0x55e4cc4753f6 in _PyEval_EvalFrameDefault Python/generated_cases.c.h:2982
    #15 0x55e4cc83c811 in _PyEval_EvalFrame Include/internal/pycore_ceval.h:88
    #16 0x55e4cc83c811 in _PyEval_Vector Python/ceval.c:1716
    #17 0x55e4cc83c811 in PyEval_EvalCode Python/ceval.c:578
    #18 0x55e4cc91aebd in run_eval_code_obj Python/pythonrun.c:1702
    #19 0x55e4cc91aebd in run_mod Python/pythonrun.c:1723
    #20 0x55e4cc91e6ca in pyrun_file Python/pythonrun.c:1617
    #21 0x55e4cc91e6ca in _PyRun_SimpleFileObject Python/pythonrun.c:439
    #22 0x55e4cc91f17a in _PyRun_AnyFileObject Python/pythonrun.c:78
    #23 0x55e4cc976719 in pymain_run_file_obj Modules/main.c:360
    #24 0x55e4cc976719 in pymain_run_file Modules/main.c:379
    #25 0x55e4cc976719 in pymain_run_python Modules/main.c:610
    #26 0x55e4cc977ebc in Py_RunMain Modules/main.c:689
    #27 0x55e4cc977ebc in pymain_main Modules/main.c:719
    #28 0x55e4cc977ebc in Py_BytesMain Modules/main.c:743
    #29 0x7f3e052d6209 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #30 0x7f3e052d62bb in __libc_start_main_impl ../csu/libc-start.c:389
    #31 0x55e4cc49c3f0 in _start (/home/kali/Downloads/cpython/python+0x2d23f0)

Address 0x7ffef35c8f14 is located in stack of thread T0 at offset 52 in frame
    #0 0x7f3e0254644f in iso2022_encode Modules/cjkcodecs/_codecs_iso2022.c:157

  This frame has 2 object(s):
    [48, 52) 'c' (line 161) <== Memory access at offset 52 overflows this variable
    [64, 72) 'length' (line 184)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow Modules/cjkcodecs/_codecs_iso2022.c:808 in jisx0213_encoder
Shadow bytes around the buggy address:
  0x10005e6b1190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005e6b11a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005e6b11b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005e6b11c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005e6b11d0: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
=>0x10005e6b11e0: f1 f1[04]f2 00 f3 f3 f3 00 00 00 00 00 00 00 00
  0x10005e6b11f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005e6b1200: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 f3
  0x10005e6b1210: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005e6b1220: 00 00 00 00 f1 f1 f1 f1 f8 f2 f2 f2 00 f2 f2 f2
  0x10005e6b1230: 00 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==2729==ABORTING

Your environment

CPython versions tested on: 3.12, 3.11, 3.10
Operating system and architecture: x86_x64 NAME="Kali GNU/Linux" "2022.3" (Reproduced also on other debian OS)

Steps to reproduce

CFLAGS="-fsanitize=address" CXXFLAGS="-fsanitize=address" LDFLAGS="-fsanitize=address" ./configure
make
copy test.py and crashfile to /cpython directory
run ./python test.py

Prerequisites

crashfile.txt
test.py

import codecs
f=open('crashfile.txt', 'r')
text=f.read()
print(text)
codecs.encode(text, encoding='iso2022_jp_2004', errors='ignore')

Linked PRs

The text was updated successfully, but these errors were encountered:

To make it easy to reproduce. Build your PR branch using: `./configure --with-address-sanitizer && make`

gpshead · 2023-02-08T23:59:47Z

I turned your report into a PR, It should show up in the CI address sanitizer run there. (confirmed locally)

gpshead · 2023-02-09T00:18:17Z

@hyeshik and @vstinner - thoughts?

stasos24 · 2023-10-24T06:18:57Z

Hi everyone!
Found a new read-of-bounds vulnerability:

==17275==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fc39f9daf34 at pc 0x7fc3a10f9c6d bp 0x7ffe1ba83600 sp 0x7ffe1ba835f8
READ of size 4 at 0x7fc39f9daf34 thread T0                                                                                                                                                                                                 
    #0 0x7fc3a10f9c6c in jisx0213_encoder /home/kali/python3.10.12/Modules/cjkcodecs/_codecs_iso2022.c:808
    #1 0x7fc3a10f9c6c in jisx0213_2004_1_encoder_paironly /home/kali/python3.10.12/Modules/cjkcodecs/_codecs_iso2022.c:894
    #2 0x7fc3a10f3bcf in iso2022_encode /home/kali/python3.10.12/Modules/cjkcodecs/_codecs_iso2022.c:196
    #3 0x7fc3a10e4b45 in multibytecodec_encode /home/kali/python3.10.12/Modules/cjkcodecs/multibytecodec.c:526
    #4 0x7fc3a10e6c1d in _multibytecodec_MultibyteCodec_encode_impl /home/kali/python3.10.12/Modules/cjkcodecs/multibytecodec.c:623
    #5 0x7fc3a10e6c1d in _multibytecodec_MultibyteCodec_encode /home/kali/python3.10.12/Modules/cjkcodecs/clinic/multibytecodec.c.h:62
    #6 0x55cc82fed2bf in cfunction_vectorcall_FASTCALL_KEYWORDS Objects/methodobject.c:446
    #7 0x55cc82b6c970 in PyVectorcall_Call Objects/call.c:255
    #8 0x55cc82d3354a in _PyCodec_EncodeInternal Python/codecs.c:420
    #9 0x55cc82ec1a47 in _codecs_encode_impl Modules/_codecsmodule.c:131
    #10 0x55cc82ec1a47 in _codecs_encode Modules/clinic/_codecsmodule.c.h:137
    #11 0x55cc82fed2bf in cfunction_vectorcall_FASTCALL_KEYWORDS Objects/methodobject.c:446
    #12 0x55cc82b3632c in _PyObject_VectorcallTstate Include/cpython/abstract.h:114
    #13 0x55cc82b3632c in PyObject_Vectorcall Include/cpython/abstract.h:123
    #14 0x55cc82b3632c in call_function Python/ceval.c:5893
    #15 0x55cc82b3632c in _PyEval_EvalFrameDefault Python/ceval.c:4231
    #16 0x55cc82d2dbb1 in _PyEval_EvalFrame Include/internal/pycore_ceval.h:46
    #17 0x55cc82d2dbb1 in _PyEval_Vector Python/ceval.c:5067
    #18 0x55cc82d2dbb1 in PyEval_EvalCode Python/ceval.c:1134
    #19 0x55cc82defe6b in run_eval_code_obj Python/pythonrun.c:1291
    #20 0x55cc82defe6b in run_mod Python/pythonrun.c:1312
    #21 0x55cc82df28df in pyrun_file Python/pythonrun.c:1208
    #22 0x55cc82df28df in _PyRun_SimpleFileObject Python/pythonrun.c:456
    #23 0x55cc82df3464 in _PyRun_AnyFileObject Python/pythonrun.c:90
    #24 0x55cc82b44f9e in pymain_run_file_obj Modules/main.c:353
    #25 0x55cc82b44f9e in pymain_run_file Modules/main.c:372
    #26 0x55cc82b44f9e in pymain_run_python Modules/main.c:587
    #27 0x55cc82b46743 in Py_RunMain Modules/main.c:666
    #28 0x55cc82b46743 in pymain_main Modules/main.c:696
    #29 0x55cc82b46743 in Py_BytesMain Modules/main.c:720
    #30 0x7fc3a1846189 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #31 0x7fc3a1846244 in __libc_start_main_impl ../csu/libc-start.c:381
    #32 0x55cc82b42b60 in _start (/home/kali/python3.10.12/python+0x176b60) (BuildId: 6292689f0cb3a264af4e67751a64a14c9a1caac4)

Address 0x7fc39f9daf34 is located in stack of thread T0 at offset 52 in frame
    #0 0x7fc3a10f363f in iso2022_encode /home/kali/python3.10.12/Modules/cjkcodecs/_codecs_iso2022.c:157

  This frame has 2 object(s):
    [48, 52) 'c' (line 161) <== Memory access at offset 52 overflows this variable
    [64, 72) 'length' (line 184)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /home/kali/python3.10.12/Modules/cjkcodecs/_codecs_iso2022.c:808 in jisx0213_encoder
Shadow bytes around the buggy address:
  0x7fc39f9dac80: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x7fc39f9dad00: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x7fc39f9dad80: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 00 00 00 00
  0x7fc39f9dae00: f1 f1 f1 f1 f8 f2 f2 f2 00 f2 f2 f2 00 00 f3 f3
  0x7fc39f9dae80: f1 f1 f1 f1 00 00 00 00 00 00 00 f3 f3 f3 f3 f3
=>0x7fc39f9daf00: f1 f1 f1 f1 f1 f1[04]f2 00 f3 f3 f3 00 00 00 00
  0x7fc39f9daf80: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 00 00 00 00
  0x7fc39f9db000: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x7fc39f9db080: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x7fc39f9db100: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x7fc39f9db180: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==17275==ABORTING

crashfile.txt

serhiy-storchaka · 2023-10-24T06:43:11Z

I cannot even build Python with such configure options.

$ make
gcc -c -fno-strict-overflow -DNDEBUG -g -O3 -Wall -fsanitize=address   -std=c11 -Werror=implicit-function-declaration -fvisibility=hidden  -I./Include/internal  -I. -I./Include    -DPy_BUILD_CORE -DPYTHONPATH='""' \
        -DPREFIX='"/usr/local"' \
        -DEXEC_PREFIX='"/usr/local"' \
        -DVERSION='"3.13"' \
        -DVPATH='""' \
        -DPLATLIBDIR='"lib"' \
        -DPYTHONFRAMEWORK='""' \
        -o Modules/getpath.o ./Modules/getpath.c
./Programs/_freeze_module importlib._bootstrap ./Lib/importlib/_bootstrap.py Python/frozen_modules/importlib._bootstrap.h

=================================================================
==1374883==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 70119 byte(s) in 44 object(s) allocated from:
    #0 0x7fb50b109887 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
    #1 0x557d8b53db91 in PyMem_RawMalloc Objects/obmalloc.c:663
    #2 0x557d8b53db91 in _PyObject_Malloc Objects/obmalloc.c:1570

Indirect leak of 4810 byte(s) in 3 object(s) allocated from:
    #0 0x7fb50b109887 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
    #1 0x557d8b53db91 in PyMem_RawMalloc Objects/obmalloc.c:663
    #2 0x557d8b53db91 in _PyObject_Malloc Objects/obmalloc.c:1570

SUMMARY: AddressSanitizer: 74929 byte(s) leaked in 47 allocation(s).
make: *** [Makefile:1336: Python/frozen_modules/importlib._bootstrap.h] Помилка 1

vstinner · 2023-10-31T13:56:21Z

I cannot even build Python with such configure options.

You should set ASAN_OPTIONS="detect_leaks=0:allocator_may_return_null=1:handle_segv=0" environment variable.

vstinner · 2023-10-31T14:24:45Z

=================================================================
==32234==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f85b53099b4 at pc 0x7f85b48bd671 bp 0x7ffd328ba300 sp 0x7ffd328ba2f8
READ of size 4 at 0x7f85b53099b4 thread T0
    #0 0x7f85b48bd670 in jisx0213_encoder Modules/cjkcodecs/_codecs_iso2022.c:804
    #1 0x7f85b48bd9db in jisx0213_2004_1_encoder_paironly Modules/cjkcodecs/_codecs_iso2022.c:897
    #2 0x7f85b48b4362 in iso2022_encode Modules/cjkcodecs/_codecs_iso2022.c:222
    #3 0x7f85a71eeef0 in multibytecodec_encode Modules/cjkcodecs/multibytecodec.c:527
    #4 0x7f85a71ef60c in _multibytecodec_MultibyteCodec_encode_impl Modules/cjkcodecs/multibytecodec.c:620
    #5 0x7f85a71eb5d5 in _multibytecodec_MultibyteCodec_encode Modules/cjkcodecs/clinic/multibytecodec.c.h:91
    #6 0x6fe371 in cfunction_vectorcall_FASTCALL_KEYWORDS Objects/methodobject.c:441

jisx0213_encoder() is called 3 times, the 3rd time, it's called with length=2 but apparently reading (ucs2_t)data[1] triggers the error.

iso2022_encode() calls dsg->encoder(codec, &c, &length); with length=2, but c is declared as Py_UCS4 c = INCHAR1;.

How can iso2022_encode() announce 2 UCS4 characters, whereas c is a single character?

vstinner · 2023-10-31T14:26:21Z

gdb commands with local changes to add some logs (with printf):

0:00:00 load avg: 0.82 [1/1] test_codecencodings_jp
test_gh101180 (test.test_codecencodings_jp.Test_iso2022_jp_2004.test_gh101180) ... 
Breakpoint 1, jisx0213_encoder (codec=0x61600012f1d0, data=0x7ffff5309f30, length=0x7ffff5309f40, config=0x0) at ./Modules/cjkcodecs/_codecs_iso2022.c:775
775	printf("jisx0213_encoder: length=%zi\n", *length);
(gdb) c
Continuing.
jisx0213_encoder: length=1

Breakpoint 1, jisx0213_encoder (codec=0x61600012f1d0, data=0x7ffff5309f30, length=0x7ffff5309f40, config=0x0) at ./Modules/cjkcodecs/_codecs_iso2022.c:775
775	printf("jisx0213_encoder: length=%zi\n", *length);
(gdb) c
Continuing.
jisx0213_encoder: length=1

Breakpoint 1, jisx0213_encoder (codec=0x61600012f1d0, data=0x7ffff5309f30, length=0x7ffff5309f40, config=0x0) at ./Modules/cjkcodecs/_codecs_iso2022.c:775
775	printf("jisx0213_encoder: length=%zi\n", *length);
(gdb) p *length
$1 = 2
(gdb) up
#1  0x00007ffff66279dc in jisx0213_2004_1_encoder_paironly (codec=0x61600012f1d0, data=0x7ffff5309f30, length=0x7ffff5309f40) at ./Modules/cjkcodecs/_codecs_iso2022.c:897
897	    coded = jisx0213_encoder(codec, data, length, NULL);
(gdb) 
#2  0x00007ffff661e363 in iso2022_encode (state=0x7ffff5201fe0, codec=0x61600012f1d0, kind=4, data=0x6110002ff9c8, inpos=0x7ffff5309ea8, inlen=31, outbuf=0x7ffff5309eb8, 
    outleft=48, flags=3) at ./Modules/cjkcodecs/_codecs_iso2022.c:222
222	                encoded = dsg->encoder(codec, &c, &length);
(gdb) p length
$2 = 2
(gdb) p c
$3 = 652
(gdb) p /x c
$4 = 0x28c

…ecs read out of bounds iso2022_jp_3 and iso2022_jp_2004 codecs read out of bounds when encoding Unicode combining character sequence. This bug ocurs the following error: $ python3 -c "print('\u304b\u309a'.encode('iso2022_jp_2004'))" Traceback (most recent call last): File "<string>", line 1, in <module> UnicodeEncodeError: 'iso2022_jp_2004' codec can't encode character '\u309a' in position 1: illegal multibyte sequence This commit fixes the out-of-bounds read.

iso2022_jp_3 and iso2022_jp_2004 are upward compatible with iso2022_jp. In addition to testing iso2022_jp, we will test the following characters added in iso2022_jp_3 and iso2022_jp_2004. JIS X 0213 Unicode ---------------- --------------------------------------------- Plane 1 \x2E\x23 U+3402 Basic Multilingual Plane Plane 1 \x2E\x22 U+2000B Supplementary Ideographic Plane Plane 1 \x24\x77 U+304B U+309A Combining Character Suqence Plane 2 \x21\x22 U+4E02 Basic Multilingual Plane Plane 2 \x7E\x76 U+2A6B2 Supplementary Ideographic Plane The difference between iso2022_jp_3 and iso2022_jp_2004 is the difference between JIS X 0213:2000 and JIS X 0213:2004. Tests the following a character added from JIS X 0213:2000 to JIS X 0213:2004. JIS X 0213:2004 Unicode ---------------- ------- Plane 1 \x2E\x21 U+4FF1 Escape sequence to designate JIS X 0213 character set to G0: character set ESC sequence ----------------------- --------------------------- JIS X 0213:2000 Plane 1 ESC 2/4 2/8 4/15 ESC $ ( O JIS X 0213:2000 Plane 2 ESC 2/4 2/8 5/0 ESC $ ( P JIS X 0213:2004 Plane 1 ESC 2/4 2/8 5/1 ESC $ ( Q JIS X 0213:2004 Plane 2 ESC 2/4 2/8 5/0 ESC $ ( P

moriyama · 2023-11-03T14:36:44Z

I reproduced it using the following steps:

$ CFLAGS="-fsanitize=address" CXXFLAGS="-fsanitize=address" LDFLAGS="-fsanitize=address" ./configure
$ export ASAN_OPTIONS="detect_leaks=0"
$ make
$ ./python -c "print('\u304b\u309a'.encode('iso2022_jp_2004'))"

…ad out of bounds (gh-111695)

…ecs read out of bounds (pythongh-111695) (cherry picked from commit c8faa35) Co-authored-by: Masayuki Moriyama <masayuki.moriyama@miraclelinux.com>

…004 codecs read out of bounds (pythongh-111695) (cherry picked from commit c8faa35) Co-authored-by: Masayuki Moriyama <masayuki.moriyama@miraclelinux.com>

gh-111771) [3.11] gh-101180: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 codecs read out of bounds (gh-111695) (cherry picked from commit c8faa35) Co-authored-by: Masayuki Moriyama <masayuki.moriyama@miraclelinux.com>

…decs read out of bounds (gh-111695) (gh-111769) gh-101180: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 codecs read out of bounds (gh-111695) (cherry picked from commit c8faa35) Co-authored-by: Masayuki Moriyama <masayuki.moriyama@miraclelinux.com>

…004 codecs read out of bounds (pythongh-111695) (cherry picked from commit c8faa35) Co-authored-by: Masayuki Moriyama <masayuki.moriyama@miraclelinux.com>

…04 codecs read out of bounds (pythongh-111695) (cherry picked from commit c8faa35) Co-authored-by: Masayuki Moriyama <masayuki.moriyama@miraclelinux.com>

…decs read out of bounds (gh-111695) (gh-111779) (cherry picked from commit c8faa35) Co-authored-by: Masayuki Moriyama <masayuki.moriyama@miraclelinux.com>

…ecs read out of bounds (gh-111695) (gh-111780) (cherry picked from commit c8faa35) Co-authored-by: Masayuki Moriyama <masayuki.moriyama@miraclelinux.com>

…ecs read out of bounds (gh-111695) (gh-111781) (cherry picked from commit c8faa35) Co-authored-by: Masayuki Moriyama <masayuki.moriyama@miraclelinux.com>

…ecs read out of bounds (pythongh-111695)

stasos24 added the type-bug An unexpected behavior, bug, or error label Jan 20, 2023

gpshead self-assigned this Feb 8, 2023

gpshead added a commit to gpshead/cpython that referenced this issue Feb 8, 2023

pythongh-101180: PR demonstrating the ASAN failure

3796c38

To make it easy to reproduce. Build your PR branch using: `./configure --with-address-sanitizer && make`

bedevere-bot mentioned this issue Feb 8, 2023

gh-101180: PR demonstrating the ASAN failure #101720

Closed

gpshead changed the title ~~Modules/cjkcodecs/_codecs_iso2022.c:808 - Read of Bounds~~ Modules/cjkcodecs/_codecs_iso2022.c - read out of bounds Feb 8, 2023

gpshead added the type-security A security issue label Feb 8, 2023

gpshead added the topic-unicode label Feb 9, 2023

gpshead removed their assignment Feb 9, 2023

gpshead assigned gpshead, vstinner, hyeshik and serhiy-storchaka Feb 9, 2023

corona10 self-assigned this Feb 9, 2023

moriyama added a commit to moriyama/cpython that referenced this issue Nov 3, 2023

pythongh-101180: Add NEWS

59e3e6f

corona10 pushed a commit that referenced this issue Nov 6, 2023

gh-101180: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 codecs re…

c8faa35

…ad out of bounds (gh-111695)

This was referenced Nov 6, 2023

[3.12] gh-101180: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 codecs read out of bounds (gh-111695) #111769

Merged

[3.11] gh-101180: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 co… #111771

Merged

corona10 closed this as completed Nov 6, 2023

bedevere-app bot mentioned this issue Nov 6, 2023

[3.10] gh-101180: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 codecs read out of bounds (gh-111695) #111779

Merged

bedevere-app bot mentioned this issue Nov 6, 2023

[3.9] gh-101180: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 codecs read out of bounds (gh-111695) #111780

Merged

bedevere-app bot mentioned this issue Nov 6, 2023

[3.8] gh-101180: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 codecs read out of bounds (gh-111695) #111781

Merged

hugovk pushed a commit to hugovk/cpython that referenced this issue Nov 8, 2023

pythongh-101180: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 cod…

1ca6382

…ecs read out of bounds (pythongh-111695)

aisk pushed a commit to aisk/cpython that referenced this issue Feb 11, 2024

pythongh-101180: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 cod…

dca2422

…ecs read out of bounds (pythongh-111695)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Modules/cjkcodecs/_codecs_iso2022.c - read out of bounds #101180

Modules/cjkcodecs/_codecs_iso2022.c - read out of bounds #101180

stasos24 commented Jan 20, 2023 •

edited by bedevere-app bot

gpshead commented Feb 8, 2023

gpshead commented Feb 9, 2023

stasos24 commented Oct 24, 2023 •

edited

serhiy-storchaka commented Oct 24, 2023

vstinner commented Oct 31, 2023

vstinner commented Oct 31, 2023

vstinner commented Oct 31, 2023

moriyama commented Nov 3, 2023

Modules/cjkcodecs/_codecs_iso2022.c - read out of bounds #101180

Modules/cjkcodecs/_codecs_iso2022.c - read out of bounds #101180

Comments

stasos24 commented Jan 20, 2023 • edited by bedevere-app bot

Bug report

Your environment

Steps to reproduce

Prerequisites

Linked PRs

gpshead commented Feb 8, 2023

gpshead commented Feb 9, 2023

stasos24 commented Oct 24, 2023 • edited

serhiy-storchaka commented Oct 24, 2023

vstinner commented Oct 31, 2023

vstinner commented Oct 31, 2023

vstinner commented Oct 31, 2023

moriyama commented Nov 3, 2023

stasos24 commented Jan 20, 2023 •

edited by bedevere-app bot

stasos24 commented Oct 24, 2023 •

edited