From dbe9f9ce429818620f6598ee7f5a8a8718fbe483 Mon Sep 17 00:00:00 2001 From: maurycy <5383+maurycy@users.noreply.github.com> Date: Mon, 27 Apr 2026 22:37:01 +0200 Subject: [PATCH 1/6] fix mit blurb --- .../2026-04-27-22-34-09.gh-issue-148093.9pWceM.rst | 1 + Modules/binascii.c | 8 ++++++++ 2 files changed, 9 insertions(+) create mode 100644 Misc/NEWS.d/next/Library/2026-04-27-22-34-09.gh-issue-148093.9pWceM.rst diff --git a/Misc/NEWS.d/next/Library/2026-04-27-22-34-09.gh-issue-148093.9pWceM.rst b/Misc/NEWS.d/next/Library/2026-04-27-22-34-09.gh-issue-148093.9pWceM.rst new file mode 100644 index 00000000000000..4837ef9777e292 --- /dev/null +++ b/Misc/NEWS.d/next/Library/2026-04-27-22-34-09.gh-issue-148093.9pWceM.rst @@ -0,0 +1 @@ +Fix :func:`binascii.a2b_uu` reading past the end of an empty input buffer. diff --git a/Modules/binascii.c b/Modules/binascii.c index 7e6e9655f8d498..3900a6bc04bdaf 100644 --- a/Modules/binascii.c +++ b/Modules/binascii.c @@ -508,6 +508,14 @@ binascii_a2b_uu_impl(PyObject *module, Py_buffer *data) assert(ascii_len >= 0); /* First byte: binary data length (in bytes) */ + if (ascii_len == 0) { + state = get_binascii_state(module); + if (state == NULL) { + return NULL; + } + PyErr_SetString(state->Error, "Empty string"); + return NULL; + } bin_len = (*ascii_data++ - ' ') & 077; ascii_len--; From 8a1a5c2d236988d22a719ab48294be5955d480f0 Mon Sep 17 00:00:00 2001 From: maurycy <5383+maurycy@users.noreply.github.com> Date: Mon, 27 Apr 2026 22:51:42 +0200 Subject: [PATCH 2/6] test --- Lib/test/test_binascii.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Lib/test/test_binascii.py b/Lib/test/test_binascii.py index 6991e2ef6815e3..de9674039472a4 100644 --- a/Lib/test/test_binascii.py +++ b/Lib/test/test_binascii.py @@ -1307,6 +1307,10 @@ def test_uu(self): self.assertRaises(binascii.Error, binascii.a2b_uu, b"\xff\x00") self.assertRaises(binascii.Error, binascii.a2b_uu, b"!!!!") self.assertRaises(binascii.Error, binascii.b2a_uu, 46*b"!") + self.assertRaises(binascii.Error, binascii.a2b_uu, + self.type2test(b"")) + self.assertRaises(binascii.Error, binascii.a2b_uu, + self.type2test(b"#86)C")[:0]) # Issue #7701 (crash on a pydebug build) self.assertEqual(binascii.b2a_uu(b'x'), b'!> \n') @@ -1522,6 +1526,9 @@ def test_empty_string(self): binascii.crc_hqx(empty, 0) continue f = getattr(binascii, func) + if func == 'a2b_uu': + self.assertRaises(binascii.Error, f, empty) + continue try: f(empty) except Exception as err: From 42749c7459c5bf3e1bfcf347909325fe60381d55 Mon Sep 17 00:00:00 2001 From: maurycy <5383+maurycy@users.noreply.github.com> Date: Mon, 27 Apr 2026 23:00:49 +0200 Subject: [PATCH 3/6] better error msg --- Modules/binascii.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/binascii.c b/Modules/binascii.c index 3900a6bc04bdaf..673dca6ee134bd 100644 --- a/Modules/binascii.c +++ b/Modules/binascii.c @@ -513,7 +513,7 @@ binascii_a2b_uu_impl(PyObject *module, Py_buffer *data) if (state == NULL) { return NULL; } - PyErr_SetString(state->Error, "Empty string"); + PyErr_SetString(state->Error, "Missing length byte"); return NULL; } bin_len = (*ascii_data++ - ' ') & 077; From c0255da8868de77a30ceb5157aea0926e91914a4 Mon Sep 17 00:00:00 2001 From: maurycy <5383+maurycy@users.noreply.github.com> Date: Mon, 27 Apr 2026 23:02:29 +0200 Subject: [PATCH 4/6] better blurb --- .../Library/2026-04-27-22-34-09.gh-issue-148093.9pWceM.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Misc/NEWS.d/next/Library/2026-04-27-22-34-09.gh-issue-148093.9pWceM.rst b/Misc/NEWS.d/next/Library/2026-04-27-22-34-09.gh-issue-148093.9pWceM.rst index 4837ef9777e292..06c5dc9ad647c4 100644 --- a/Misc/NEWS.d/next/Library/2026-04-27-22-34-09.gh-issue-148093.9pWceM.rst +++ b/Misc/NEWS.d/next/Library/2026-04-27-22-34-09.gh-issue-148093.9pWceM.rst @@ -1 +1,2 @@ -Fix :func:`binascii.a2b_uu` reading past the end of an empty input buffer. +Fix :func:`binascii.a2b_uu` reading past the end of an empty input buffer. Now +it raises :exc:`binascii.Error`, instead of reading past the buffer end. From 6777a45875dea1639668f0f6c25c2a5a2d151fe1 Mon Sep 17 00:00:00 2001 From: maurycy <5383+maurycy@users.noreply.github.com> Date: Mon, 27 Apr 2026 23:08:00 +0200 Subject: [PATCH 5/6] smaller diff --- Lib/test/test_binascii.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Lib/test/test_binascii.py b/Lib/test/test_binascii.py index de9674039472a4..cedbdc61f18f34 100644 --- a/Lib/test/test_binascii.py +++ b/Lib/test/test_binascii.py @@ -1306,11 +1306,11 @@ def test_uu(self): self.assertEqual(binascii.a2b_uu(b"\xff"), b"\x00"*31) self.assertRaises(binascii.Error, binascii.a2b_uu, b"\xff\x00") self.assertRaises(binascii.Error, binascii.a2b_uu, b"!!!!") - self.assertRaises(binascii.Error, binascii.b2a_uu, 46*b"!") self.assertRaises(binascii.Error, binascii.a2b_uu, self.type2test(b"")) self.assertRaises(binascii.Error, binascii.a2b_uu, self.type2test(b"#86)C")[:0]) + self.assertRaises(binascii.Error, binascii.b2a_uu, 46*b"!") # Issue #7701 (crash on a pydebug build) self.assertEqual(binascii.b2a_uu(b'x'), b'!> \n') From 27cdd4ff36d507ebea17867b270885244e2f5296 Mon Sep 17 00:00:00 2001 From: maurycy <5383+maurycy@users.noreply.github.com> Date: Mon, 27 Apr 2026 23:11:00 +0200 Subject: [PATCH 6/6] i should go to sleep --- .../Library/2026-04-27-22-34-09.gh-issue-148093.9pWceM.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Misc/NEWS.d/next/Library/2026-04-27-22-34-09.gh-issue-148093.9pWceM.rst b/Misc/NEWS.d/next/Library/2026-04-27-22-34-09.gh-issue-148093.9pWceM.rst index 06c5dc9ad647c4..9418044201f8bd 100644 --- a/Misc/NEWS.d/next/Library/2026-04-27-22-34-09.gh-issue-148093.9pWceM.rst +++ b/Misc/NEWS.d/next/Library/2026-04-27-22-34-09.gh-issue-148093.9pWceM.rst @@ -1,2 +1,2 @@ -Fix :func:`binascii.a2b_uu` reading past the end of an empty input buffer. Now -it raises :exc:`binascii.Error`, instead of reading past the buffer end. +Fix an out-of-bounds read of one byte in :func:`binascii.a2b_uu`. Raise +:exc:`binascii.Error`, instead of reading past the buffer end.