New submission from Serhiy Storchaka: There is reading one byte past the end of the input buffer in binascii.b2a_qp(). Following example shows the behavior difference depending on the value of this byte:
>>> binascii.b2a_qp(memoryview(b'..')[:-1]) b'.' >>> binascii.b2a_qp(bytes(memoryview(b'..')[:-1])) b'=2E' In rare cases (memoryview of mmap object or custom buffer) this can cause a segfault. Maybe there are similar issues with other binascii functions (not checked). ---------- components: Extension Modules messages: 271092 nosy: serhiy.storchaka priority: normal severity: normal stage: needs patch status: open title: Buffer overrun in binascii type: behavior versions: Python 2.7, Python 3.5, Python 3.6 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue27599> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
