New submission from Gregory P. Smith <[email protected]>: in 3.8 this was not a valid codec name: "เ_เ_เ_iDnA" in 3.9 it gets treated as idna and triggers the punycode decoder when passed to bytes.decode(codec).
Discovered by oss-fuzz. _Likely_ a consequence of https://bugs.python.org/issue37751 The consequences of this change are that anyone can stuff heinous strings into codec names and get a non-LookupError behavior out of them. Anywhere codecs can be part of user input this has many interesting potential negative consequences. <=3.8 gave `LookupError("unknown encoding: ...` ---------- keywords: 3.9regression messages: 411535 nosy: gregory.p.smith priority: normal severity: normal stage: needs patch status: open title: codec name acceptance became way too lenient in 3.9 type: behavior versions: Python 3.10, Python 3.11, Python 3.9 _______________________________________ Python tracker <[email protected]> <https://bugs.python.org/issue46508> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
