New submission from STINNER Victor <[EMAIL PROTECTED]>:
scanstring_str() and scanstring_unicode() functions don't end value
whereas it can be outside input string range. A check like this is
needed:
if (end < 0 || len <= end) {
PyErr_SetString(PyExc_ValueError, "xxx");
return NULL;
}
next is set to begin but few lines later (before first use of next),
it's set to end: for (next = end; ...).
In error message, eg. "Invalid control character at (...)", begin is
used as character position but I think that the right position is in
the variable "end" (or maybe "next"?).
I'm unable to fix these functions because I don't understand the code.
----------
components: Library (Lib)
messages: 69447
nosy: haypo
severity: normal
status: open
title: bugs in scanstring_str() and scanstring_unicode() of _json module
type: crash
versions: Python 2.6
_______________________________________
Python tracker <[EMAIL PROTECTED]>
<http://bugs.python.org/issue3322>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
