[issue14579] Possible vulnerability in the utf-16 decoder after error handling

2012-04-24 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: Here is a patch, which took into account Martin's suggestions. title: Vulnerability in the utf-16 decoder after error handling -> Possible vulnerability in the utf-16 decoder after error handling. Added file: http://bugs.python.org/file25352/utf1

[issue14579] Possible vulnerability in the utf-16 decoder after error handling

2012-04-19 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: There is the crasher and leaker. When Python is not crashing, there is garbage (i.e. leakage of data) at the end of the decoded string. Indeed, I see English text in some versions of Python. There are many other errors in the utf-16 decoder (see, for example

[issue14579] Possible vulnerability in the utf-16 decoder after error handling

2012-04-15 Thread STINNER Victor
Changes by STINNER Victor: nosy: +haypo

[issue14579] Possible vulnerability in the utf-16 decoder after error handling

2012-04-14 Thread Serhiy Storchaka
Changes by Serhiy Storchaka: Added file: http://bugs.python.org/file25214/utf16_update_after_error-3.2.patch

[issue14579] Possible vulnerability in the utf-16 decoder after error handling

2012-04-14 Thread Ezio Melotti
Changes by Ezio Melotti: nosy: +ezio.melotti, pitrou; stage: -> test needed

[issue14579] Possible vulnerability in the utf-16 decoder after error handling

2012-04-14 Thread Serhiy Storchaka
New submission from Serhiy Storchaka: In the utf-16 decoder, after calling unicode_decode_call_errorhandler, aligned_end is not updated. This may potentially cause data leaks, memory damage, and a crash. The bug was introduced by the implementation of issue #4868. In a similar situation in the utf-8