gh-145883: Fix two heap-buffer-overflows in _zoneinfo#145885
gh-145883: Fix two heap-buffer-overflows in _zoneinfo#145885StanFromIreland merged 7 commits intopython:mainfrom
_zoneinfo#145885Conversation
StanFromIreland
requested review from
AA-Turner,
hugovk and
webknjaz
as code owners
|
A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated. Once you have made the requested changes, please leave a comment on this pull request containing the phrase |
|
I have made the requested changes; please review again |
serhiy-storchaka
left a comment
serhiy-storchaka
left a comment
There was a problem hiding this comment.
LGTM. 👍
I only have questions about some auxiliary files.
| # zoneinfo | ||
| Path("Lib/zoneinfo/"), | ||
| Path("Modules/_zoneinfo.c"), |
There was a problem hiding this comment.
What is it about? How is this list use and why these additions are necessary?
There was a problem hiding this comment.
This is the list of files that triggers CIFuzz, we started fuzzing zoneinfo (which found one of the two bugs the following day) in python/library-fuzzers@eb273d5. It's not related to the issue, but it's so small I think including it here is fine.
StanFromIreland
added
needs backport to 3.13
|
Thanks @StanFromIreland for the PR 🌮🎉.. I'm working now to backport this PR to: 3.13. |
|
Thanks @StanFromIreland for the PR 🌮🎉.. I'm working now to backport this PR to: 3.14. |
…GH-145885) (cherry picked from commit fe9befc) Co-authored-by: Stan Ulbrych <stan@python.org>
|
GH-148086 is a backport of this pull request to the 3.13 branch. |
…GH-145885) (cherry picked from commit fe9befc) Co-authored-by: Stan Ulbrych <stan@python.org>
|
GH-148087 is a backport of this pull request to the 3.14 branch. |
4 participants
_zoneinfo: heap buffer overflow reads from malformed TZif data #145883