gh-140594: Fix buffer overflow when feeding NULL bytes to PyOS_StdioReadline
#140910
Open. ashm-dev wants to merge 16 commits into python:main from ashm-dev:asan
+13 −1
Changes from 1 commit
Commits (16 commits):
0463fb7 Fix heap-buffer-overflow when reading null bytes (ashm-dev)
71d79ca Add test for NUL byte in interactive mode (ashm-dev)
42fdcfb test: refactor null byte interactive mode test to use EnvironmentVarG… (ashm-dev)
b09a4c8 docs: improve security advisory for PyOS_StdioReadline fix (ashm-dev)
976dedb test: remove unnecessary -S and -q flags from null byte test (ashm-dev)
3f4a6be Update Misc/NEWS.d/next/Security/2025-11-02-16-23-17.gh-issue-140594.… (ashm-dev)
2392f76 test: simplify null byte interactive mode test to use spawn_python (ashm-dev)
cfd56e6 Update Lib/test/test_cmd_line.py (ashm-dev)
2647f02 test: simplify null byte interactive mode test by removing unnecessar… (ashm-dev)
11912ec Merge branch 'main' into asan (ashm-dev)
010a482 Merge remote-tracking branch 'upstream/main' into asan (ashm-dev)
9dbeba9 fix (ashm-dev)
a982737 fix comment (ashm-dev)
6f83dc8 fix test docstring (ashm-dev)
6ffaace fix news (ashm-dev)
43025bd Merge branch 'main' into asan (ashm-dev)
Misc/NEWS.d/next/Security/2025-11-02-16-23-17.gh-issue-140594.YIWUpl.rst (2 changes: 2 additions & 0 deletions)

| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| Fixed heap-buffer-overflow in PyOS_StdioReadline when encountering null | ||
| bytes in interactive input. Patch by Shamil Abdulaev. | ||
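
Review bot: The first added line describes the bug only with the sanitizer label "heap-buffer-overflow" and does not say whether the overflow is an out-of-bounds read or a write; for an entry filed under `Security/`, state that in plain words so changelog readers can judge impact. On the same line, `PyOS_StdioReadline` is plain text in a `.rst` file; marking it up with the `:c:func:` role would make it render as a C API reference. "null bytes" would also read more precisely as "NUL bytes", matching the wording of the PR's own test commit ("Add test for NUL byte in interactive mode").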