[issue3322] bugs in scanstring_str() and scanstring_unicode() of _json module

2008-07-20 Thread Georg Brandl
Georg Brandl [EMAIL PROTECTED] added the comment: Was merged in r65148. -- resolution: - fixed status: open - closed ___ Python tracker [EMAIL PROTECTED] http://bugs.python.org/issue3322 ___

[issue3322] bugs in scanstring_str() and scanstring_unicode() of _json module

2008-07-19 Thread STINNER Victor
STINNER Victor [EMAIL PROTECTED] added the comment: To reproduce the crash, try very big negative integer as second argument. Example: _json.scanstring(test, -23492394) Erreur de segmentation (core dumped) _json.scanstring(utest, -1239239) Erreur de segmentation (core dumped)

[issue3322] bugs in scanstring_str() and scanstring_unicode() of _json module

2008-07-19 Thread Georg Brandl
Georg Brandl [EMAIL PROTECTED] added the comment: Bob, do you know how to fix this? -- assignee: - bob.ippolito nosy: +bob.ippolito, georg.brandl ___ Python tracker [EMAIL PROTECTED] http://bugs.python.org/issue3322

[issue3322] bugs in scanstring_str() and scanstring_unicode() of _json module

2008-07-19 Thread STINNER Victor
STINNER Victor [EMAIL PROTECTED] added the comment: I wrote that I'm unable to fix the bug correctly, but I wrote a patch to avoid the crash: - replace begin by end in error messages: is it correct? - use end 0 || len = end test to check scanstring() second argument = raise a ValueError if

[issue3322] bugs in scanstring_str() and scanstring_unicode() of _json module

2008-07-19 Thread Bob Ippolito
Bob Ippolito [EMAIL PROTECTED] added the comment: Am I to understand that the bug here is that the C extension doesn't validate input properly if you call into it directly? Without a test I'm not entirely sure exactly how you could possibly get negative values into those functions using the json

[issue3322] bugs in scanstring_str() and scanstring_unicode() of _json module

2008-07-19 Thread Bob Ippolito
Bob Ippolito [EMAIL PROTECTED] added the comment: I've audited the patch, while it does fix the input range it looks like it regresses other things (at least the error messages). begin was intentionally used. The patch is not suitable for use, I'll create a minimal patch that just fixes input

[issue3322] bugs in scanstring_str() and scanstring_unicode() of _json module

2008-07-19 Thread Bob Ippolito
Bob Ippolito [EMAIL PROTECTED] added the comment: I just committed a fix to trunk in r65147, needs port to py3k? -- assignee: bob.ippolito - georg.brandl ___ Python tracker [EMAIL PROTECTED] http://bugs.python.org/issue3322

[issue3322] bugs in scanstring_str() and scanstring_unicode() of _json module

2008-07-08 Thread STINNER Victor
New submission from STINNER Victor [EMAIL PROTECTED]: scanstring_str() and scanstring_unicode() functions don't end value whereas it can be outside input string range. A check like this is needed: if (end 0 || len = end) { PyErr_SetString(PyExc_ValueError, xxx); return