https://github.com/python/cpython/commit/fd9be78f4e43b2467411a206b54d49aba2763a49 commit: fd9be78f4e43b2467411a206b54d49aba2763a49 branch: 3.13 author: Miss Islington (bot) <[email protected]> committer: serhiy-storchaka <[email protected]> date: 2025-11-04T18:16:40+02:00 summary:
[3.13] gh-140979: Fix off-by-one error in the RE code validator (GH-140984) (GH-141000) It was too lenient and allowed MARK opcodes with too large value. (cherry picked from commit 1326d2a808245e5f2de9e515460bab30556e8f05) Co-authored-by: Serhiy Storchaka <[email protected]> files: M Modules/_sre/sre.c diff --git a/Modules/_sre/sre.c b/Modules/_sre/sre.c index 898ebbfe89bcd2..c0cc8268d2de50 100644 --- a/Modules/_sre/sre.c +++ b/Modules/_sre/sre.c @@ -1932,7 +1932,7 @@ _validate_inner(SRE_CODE *code, SRE_CODE *end, Py_ssize_t groups) sre_match() code is robust even if they don't, and the worst you can get is nonsensical match results. */ GET_ARG; - if (arg > 2 * (size_t)groups + 1) { + if (arg >= 2 * (size_t)groups) { VTRACE(("arg=%d, groups=%d\n", (int)arg, (int)groups)); FAIL; }
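Review bot: the tightened bound at `if (arg >= 2 * (size_t)groups)` in `_validate_inner` lands without a regression test, since the file list shows only `Modules/_sre/sre.c` modified. A test that hands the validator a MARK with `arg == 2 * groups` and with `arg == 2 * groups + 1`, the two values the old `arg > 2 * (size_t)groups + 1` check let through, and expects rejection would keep the boundary from drifting again. It would also help to have the comment above `GET_ARG` state the accepted range (0 through `2 * groups - 1`) explicitly, because the surviving text only says that `sre_match()` is robust and the worst case is nonsensical match results, which no longer explains why the limit sits where it does. Note that with `groups == 0` the new condition fails every MARK because `arg` is compared as an unsigned value; if that is intended, a one-line remark in the comment would make it clear to the next reader.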
