[Python-checkins] gh-140979: Fix off-by-one error in the RE code validator (GH-140984)

serhiy-storchaka Tue, 04 Nov 2025 07:50:22 -0800

https://github.com/python/cpython/commit/1326d2a808245e5f2de9e515460bab30556e8f05
commit: 1326d2a808245e5f2de9e515460bab30556e8f05
branch: main
author: Serhiy Storchaka <[email protected]>
committer: serhiy-storchaka <[email protected]>
date: 2025-11-04T17:49:44+02:00
summary:


gh-140979: Fix off-by-one error in the RE code validator (GH-140984)

It was too lenient and allowed MARK opcodes with too large value.

files:
M Modules/_sre/sre.c

diff --git a/Modules/_sre/sre.c b/Modules/_sre/sre.c
index fdf00e6499cb6b..4e97101b699876 100644
--- a/Modules/_sre/sre.c
+++ b/Modules/_sre/sre.c
@@ -1946,7 +1946,7 @@ _validate_inner(SRE_CODE *code, SRE_CODE *end, Py_ssize_t 
groups)
                sre_match() code is robust even if they don't, and the worst
                you can get is nonsensical match results. */
             GET_ARG;
-            if (arg > 2 * (size_t)groups + 1) {
+            if (arg >= 2 * (size_t)groups) {
                 VTRACE(("arg=%d, groups=%d\n", (int)arg, (int)groups));
                 FAIL;
             }

_______________________________________________
Python-checkins mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3//lists/python-checkins.python.org
Member address: [email protected]

[Python-checkins] gh-140979: Fix off-by-one error in the RE code validator (GH-140984)

Reply via email to