djsundog/circuitpython
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

py/objstr: Don't crash when end < start

Browse Source 
.. and add testcases for the same.

(crash found by afl-fuzz)
This commit is contained in:
Jeff Epler 2018-03-31 21:27:56 -05:00
parent 3215b85568
commit 0041df0c6b
3 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
py/objstr.c
View File

@ -692,8 +692,13 @@ STATIC mp_obj_t str_finder(size_t n_args, const mp_obj_t *args, int direction, b
end = str_index_to_ptr(self_type, haystack, haystack_len, args[3], true); end = str_index_to_ptr(self_type, haystack, haystack_len, args[3], true);
} }
if (end < start) {
goto out_error;
}
const byte *p = find_subbytes(start, end - start, needle, needle_len, direction); const byte *p = find_subbytes(start, end - start, needle, needle_len, direction);
if (p == NULL) { if (p == NULL) {
out_error:
// not found // not found
if (is_index) { if (is_index) {
mp_raise_ValueError("substring not found"); mp_raise_ValueError("substring not found");

1
tests/basics/string_find.py
View File

@ -21,6 +21,7 @@ print("0000".find('-1', 3))
print("0000".find('1', 3)) print("0000".find('1', 3))
print("0000".find('1', 4)) print("0000".find('1', 4))
print("0000".find('1', 5)) print("0000".find('1', 5))
print("aaaaaaaaaaa".find("bbb", 9, 2))
try: try:
'abc'.find(1) 'abc'.find(1)

1
tests/basics/string_rfind.py
View File

@ -21,3 +21,4 @@ print("0000".rfind('-1', 3))
print("0000".rfind('1', 3)) print("0000".rfind('1', 3))
print("0000".rfind('1', 4)) print("0000".rfind('1', 4))
print("0000".rfind('1', 5)) print("0000".rfind('1', 5))
print("aaaaaaaaaaa".rfind("bbb", 9, 2))