[Python-modules-commits] r13876 - in packages/python-cjson/branches/lenny/debian/patches (1 file)

chrisk-guest at users.alioth.debian.org chrisk-guest at users.alioth.debian.org
Sat Jul 10 19:54:29 UTC 2010 

    Date: Saturday, July 10, 2010 @ 19:54:28
  Author: chrisk-guest
Revision: 13876

Remove stray duplicate of patch

Deleted:
  packages/python-cjson/branches/lenny/debian/patches/0001-fix-for-CVE-2010-1666

Deleted: packages/python-cjson/branches/lenny/debian/patches/0001-fix-for-CVE-2010-1666
===================================================================
--- packages/python-cjson/branches/lenny/debian/patches/0001-fix-for-CVE-2010-1666	2010-07-10 19:48:25 UTC (rev 13875)
+++ packages/python-cjson/branches/lenny/debian/patches/0001-fix-for-CVE-2010-1666	2010-07-10 19:54:28 UTC (rev 13876)
@@ -1,90 +0,0 @@
-Author: Matt Giuca
-Date: Tue, 06 Jul 2010 23:31:15 +0200
-Subject: [PATCH] Fix for CVE-2010-1666
-
-Matt Giuca discovered a potential buffer overflow in python-cjson. It has been
-assigned CVE-2010-1666. This patch is taken from the patch submitted and
-applied to Ubuntu's version of python-cjson.
-
-Origin: other, https://bugs.launchpad.net/ubuntu/+source/python-cjson/+bug/585274
-Bug-Debian: http://bugs.debian.org/587700
-Forwarded: yes
-Last-Update: 2010-10-07
-Index: python-cjson-1.0.5-new/cjson.c
-===================================================================
---- python-cjson-1.0.5-new.orig/cjson.c	2010-07-06 23:29:27.898903297 +0200
-+++ python-cjson-1.0.5-new/cjson.c	2010-07-06 23:29:41.901838748 +0200
-@@ -613,6 +613,25 @@
-     char *p;
- 
-     static const char *hexdigit = "0123456789abcdef";
-+#ifdef Py_UNICODE_WIDE
-+    const Py_ssize_t expandsize = 10;
-+#else
-+    const Py_ssize_t expandsize = 6;
-+#endif
-+
-+    /* Initial allocation is based on the longest-possible unichr
-+       escape.
-+
-+       In wide (UTF-32) builds '\U00xxxxxx' is 10 chars per source
-+       unichr, so in this case it's the longest unichr escape. In
-+       narrow (UTF-16) builds this is five chars per source unichr
-+       since there are two unichrs in the surrogate pair, so in narrow
-+       (UTF-16) builds it's not the longest unichr escape.
-+
-+       In wide or narrow builds '\uxxxx' is 6 chars per source unichr,
-+       so in the narrow (UTF-16) build case it's the longest unichr
-+       escape.
-+    */
- 
-     s = PyUnicode_AS_UNICODE(unicode);
-     size = PyUnicode_GET_SIZE(unicode);
-@@ -623,7 +642,7 @@
-         return NULL;
-     }
- 
--    repr = PyString_FromStringAndSize(NULL, 2 + 6*size + 1);
-+    repr = PyString_FromStringAndSize(NULL, 2 + expandsize*size + 1);
-     if (repr == NULL)
-         return NULL;
- 
-@@ -644,15 +663,6 @@
- #ifdef Py_UNICODE_WIDE
-         /* Map 21-bit characters to '\U00xxxxxx' */
-         else if (ch >= 0x10000) {
--            int offset = p - PyString_AS_STRING(repr);
--
--            /* Resize the string if necessary */
--            if (offset + 12 > PyString_GET_SIZE(repr)) {
--                if (_PyString_Resize(&repr, PyString_GET_SIZE(repr) + 100))
--                    return NULL;
--                p = PyString_AS_STRING(repr) + offset;
--            }
--
-             *p++ = '\\';
-             *p++ = 'U';
-             *p++ = hexdigit[(ch >> 28) & 0x0000000F];
-Index: python-cjson-1.0.5-new/jsontest.py
-===================================================================
---- python-cjson-1.0.5-new.orig/jsontest.py	2010-07-06 23:29:27.965871886 +0200
-+++ python-cjson-1.0.5-new/jsontest.py	2010-07-06 23:29:41.901838748 +0200
-@@ -316,6 +316,18 @@
- 
-     def testWriteLong(self):
-         self.assertEqual("12345678901234567890", cjson.encode(12345678901234567890))
-+
-+    def testWriteLongUnicode(self):
-+        # This test causes a buffer overrun in cjson 1.0.5, on UCS4 builds.
-+        # The string length is only resized for wide unicode characters if
-+        # there is less than 12 bytes of space left. Padding with
-+        # narrow-but-escaped characters prevents string resizing.
-+        # Note that u'\U0001D11E\u1234' also breaks, but sometimes goes
-+        # undetected.
-+        s = cjson.encode(u'\U0001D11E\U0001D11E\U0001D11E\U0001D11E'
-+                         u'\u1234\u1234\u1234\u1234\u1234\u1234')
-+        self.assertEqual(r'"\U0001d11e\U0001d11e\U0001d11e\U0001d11e'
-+                         r'\u1234\u1234\u1234\u1234\u1234\u1234"', s)
-         
- def main():
-     unittest.main()

More information about the Python-modules-commits mailing list