Kaydet (Commit) c0b7037d authored tarafından Serhiy Storchaka's avatar Serhiy Storchaka

Issue #28275: Fixed possible use adter free in LZMADecompressor.decompress().

Original patch by John Leitch.
üst f18a5daa
...@@ -246,6 +246,15 @@ class CompressorDecompressorTestCase(unittest.TestCase): ...@@ -246,6 +246,15 @@ class CompressorDecompressorTestCase(unittest.TestCase):
lzd = LZMADecompressor(lzma.FORMAT_RAW, filters=FILTERS_RAW_1) lzd = LZMADecompressor(lzma.FORMAT_RAW, filters=FILTERS_RAW_1)
self.assertRaises(LZMAError, lzd.decompress, COMPRESSED_XZ) self.assertRaises(LZMAError, lzd.decompress, COMPRESSED_XZ)
def test_decompressor_bug_28275(self):
# Test coverage for Issue 28275
lzd = LZMADecompressor()
for i in range(2):
try:
lzd.decompress(COMPRESSED_RAW_1)
except LZMAError:
pass
# Test that LZMACompressor->LZMADecompressor preserves the input data. # Test that LZMACompressor->LZMADecompressor preserves the input data.
def test_roundtrip_xz(self): def test_roundtrip_xz(self):
......
...@@ -80,6 +80,9 @@ Core and Builtins ...@@ -80,6 +80,9 @@ Core and Builtins
Library Library
------- -------
- Issue #28275: Fixed possible use adter free in LZMADecompressor.decompress().
Original patch by John Leitch.
- Issue #27897: Fixed possible crash in sqlite3.Connection.create_collation() - Issue #27897: Fixed possible crash in sqlite3.Connection.create_collation()
if pass invalid string-like object as a name. Patch by Xiang Zhang. if pass invalid string-like object as a name. Patch by Xiang Zhang.
......
...@@ -1005,8 +1005,10 @@ decompress(Decompressor *d, uint8_t *data, size_t len, Py_ssize_t max_length) ...@@ -1005,8 +1005,10 @@ decompress(Decompressor *d, uint8_t *data, size_t len, Py_ssize_t max_length)
} }
result = decompress_buf(d, max_length); result = decompress_buf(d, max_length);
if(result == NULL) if (result == NULL) {
lzs->next_in = NULL;
return NULL; return NULL;
}
if (d->eof) { if (d->eof) {
d->needs_input = 0; d->needs_input = 0;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment