René's URL Explorer Experiment

Title: Modules/cjkcodecs/_codecs_iso2022.c - read out of bounds · Issue #101180 · python/cpython · GitHub

Open Graph Title: Modules/cjkcodecs/_codecs_iso2022.c - read out of bounds · Issue #101180 · python/cpython

X Title: Modules/cjkcodecs/_codecs_iso2022.c - read out of bounds · Issue #101180 · python/cpython

Description: Bug report ==2729==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffef35c8f14 at pc 0x7f3e0254c47c bp 0x7ffef35c8e50 sp 0x7ffef35c8e48 READ of size 4 at 0x7ffef35c8f14 thread T0 #0 0x7f3e0254c47b in jisx0213_encoder Modules...

Open Graph Description: Bug report ==2729==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffef35c8f14 at pc 0x7f3e0254c47c bp 0x7ffef35c8e50 sp 0x7ffef35c8e48 READ of size 4 at 0x7ffef35c8f14 thread T0 #0 0x...

X Description: Bug report ==2729==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffef35c8f14 at pc 0x7f3e0254c47c bp 0x7ffef35c8e50 sp 0x7ffef35c8e48 READ of size 4 at 0x7ffef35c8f14 thread T0 #0 0x...

Opengraph URL: https://github.com/python/cpython/issues/101180

X: @github

direct link

Domain: github.com

Hey, it has json ld scripts:

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Modules/cjkcodecs/_codecs_iso2022.c - read out of bounds","articleBody":"# Bug report\r\n```\r\n==2729==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffef35c8f14 at pc 0x7f3e0254c47c bp 0x7ffef35c8e50 sp 0x7ffef35c8e48\r\nREAD of size 4 at 0x7ffef35c8f14 thread T0\r\n    #0 0x7f3e0254c47b in jisx0213_encoder Modules/cjkcodecs/_codecs_iso2022.c:808\r\n    #1 0x7f3e0254c47b in jisx0213_2004_1_encoder_paironly Modules/cjkcodecs/_codecs_iso2022.c:894\r\n    #2 0x7f3e025469a9 in iso2022_encode Modules/cjkcodecs/_codecs_iso2022.c:196\r\n    #3 0x7f3e02536457 in multibytecodec_encode Modules/cjkcodecs/multibytecodec.c:523\r\n    #4 0x7f3e0253829e in _multibytecodec_MultibyteCodec_encode_impl Modules/cjkcodecs/multibytecodec.c:620\r\n    #5 0x7f3e0253829e in _multibytecodec_MultibyteCodec_encode Modules/cjkcodecs/clinic/multibytecodec.c.h:91\r\n    #6 0x55e4cc690361 in cfunction_vectorcall_FASTCALL_KEYWORDS Objects/methodobject.c:438\r\n    #7 0x55e4cc5b029e in PyObject_Call (/home/kali/Downloads/cpython/python+0x3e629e)\r\n    #8 0x55e4cc841026 in _PyCodec_EncodeInternal Python/codecs.c:419\r\n    #9 0x55e4cc9cb18f in _codecs_encode_impl Modules/_codecsmodule.c:132\r\n    #10 0x55e4cc9cb18f in _codecs_encode Modules/clinic/_codecsmodule.c.h:166\r\n    #11 0x55e4cc690361 in cfunction_vectorcall_FASTCALL_KEYWORDS Objects/methodobject.c:438\r\n    #12 0x55e4cc5af6bf in _PyObject_VectorcallTstate Include/internal/pycore_call.h:92\r\n    #13 0x55e4cc5af6bf in PyObject_Vectorcall Objects/call.c:301\r\n    #14 0x55e4cc4753f6 in _PyEval_EvalFrameDefault Python/generated_cases.c.h:2982\r\n    #15 0x55e4cc83c811 in _PyEval_EvalFrame Include/internal/pycore_ceval.h:88\r\n    #16 0x55e4cc83c811 in _PyEval_Vector Python/ceval.c:1716\r\n    #17 0x55e4cc83c811 in PyEval_EvalCode Python/ceval.c:578\r\n    #18 0x55e4cc91aebd in run_eval_code_obj Python/pythonrun.c:1702\r\n    #19 0x55e4cc91aebd in run_mod Python/pythonrun.c:1723\r\n    #20 0x55e4cc91e6ca in pyrun_file Python/pythonrun.c:1617\r\n    #21 0x55e4cc91e6ca in _PyRun_SimpleFileObject Python/pythonrun.c:439\r\n    #22 0x55e4cc91f17a in _PyRun_AnyFileObject Python/pythonrun.c:78\r\n    #23 0x55e4cc976719 in pymain_run_file_obj Modules/main.c:360\r\n    #24 0x55e4cc976719 in pymain_run_file Modules/main.c:379\r\n    #25 0x55e4cc976719 in pymain_run_python Modules/main.c:610\r\n    #26 0x55e4cc977ebc in Py_RunMain Modules/main.c:689\r\n    #27 0x55e4cc977ebc in pymain_main Modules/main.c:719\r\n    #28 0x55e4cc977ebc in Py_BytesMain Modules/main.c:743\r\n    #29 0x7f3e052d6209 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58\r\n    #30 0x7f3e052d62bb in __libc_start_main_impl ../csu/libc-start.c:389\r\n    #31 0x55e4cc49c3f0 in _start (/home/kali/Downloads/cpython/python+0x2d23f0)\r\n\r\nAddress 0x7ffef35c8f14 is located in stack of thread T0 at offset 52 in frame\r\n    #0 0x7f3e0254644f in iso2022_encode Modules/cjkcodecs/_codecs_iso2022.c:157\r\n\r\n  This frame has 2 object(s):\r\n    [48, 52) 'c' (line 161) \u003c== Memory access at offset 52 overflows this variable\r\n    [64, 72) 'length' (line 184)\r\nHINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork\r\n      (longjmp and C++ exceptions *are* supported)\r\nSUMMARY: AddressSanitizer: stack-buffer-overflow Modules/cjkcodecs/_codecs_iso2022.c:808 in jisx0213_encoder\r\nShadow bytes around the buggy address:\r\n  0x10005e6b1190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n  0x10005e6b11a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n  0x10005e6b11b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n  0x10005e6b11c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n  0x10005e6b11d0: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1\r\n=\u003e0x10005e6b11e0: f1 f1[04]f2 00 f3 f3 f3 00 00 00 00 00 00 00 00\r\n  0x10005e6b11f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\r\n  0x10005e6b1200: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 f3\r\n  0x10005e6b1210: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00\r\n  0x10005e6b1220: 00 00 00 00 f1 f1 f1 f1 f8 f2 f2 f2 00 f2 f2 f2\r\n  0x10005e6b1230: 00 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00\r\nShadow byte legend (one shadow byte represents 8 application bytes):\r\n  Addressable:           00\r\n  Partially addressable: 01 02 03 04 05 06 07 \r\n  Heap left redzone:       fa\r\n  Freed heap region:       fd\r\n  Stack left redzone:      f1\r\n  Stack mid redzone:       f2\r\n  Stack right redzone:     f3\r\n  Stack after return:      f5\r\n  Stack use after scope:   f8\r\n  Global redzone:          f9\r\n  Global init order:       f6\r\n  Poisoned by user:        f7\r\n  Container overflow:      fc\r\n  Array cookie:            ac\r\n  Intra object redzone:    bb\r\n  ASan internal:           fe\r\n  Left alloca redzone:     ca\r\n  Right alloca redzone:    cb\r\n  Shadow gap:              cc\r\n==2729==ABORTING\r\n```\r\n\r\n# Your environment\r\n\r\n\r\n- CPython versions tested on: 3.12, 3.11, 3.10\r\n- Operating system and architecture: x86_x64 NAME=\"Kali GNU/Linux\" \"2022.3\" (Reproduced also on other debian OS)\r\n\r\n# Steps to reproduce\r\n\r\n- CFLAGS=\"-fsanitize=address\" CXXFLAGS=\"-fsanitize=address\" LDFLAGS=\"-fsanitize=address\" ./configure\r\n- make\r\n- copy test.py and crashfile to /cpython directory\r\n- run ./python test.py\r\n# Prerequisites\r\n[crashfile.txt](https://github.com/python/cpython/files/10464270/crashfile.txt)\r\ntest.py\r\n```\r\nimport codecs\r\nf=open('crashfile.txt', 'r')\r\ntext=f.read()\r\nprint(text)\r\ncodecs.encode(text, encoding='iso2022_jp_2004', errors='ignore')\r\n```\r\n\n\n\u003c!-- gh-linked-prs --\u003e\n### Linked PRs\n* gh-101720\n* gh-111695\n* gh-111769\n* gh-111771\n* gh-111779\n* gh-111780\n* gh-111781\n\u003c!-- /gh-linked-prs --\u003e\n","author":{"url":"https://github.com/stasos24","@type":"Person","name":"stasos24"},"datePublished":"2023-01-20T07:58:02.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":8},"url":"https://github.com/101180/cpython/issues/101180"}

route-pattern	/_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format)
route-controller	voltron_issues_fragments
route-action	issue_layout
fetch-nonce	v2:584d3432-54e1-6acc-260c-6fa01279b09d
current-catalog-service-hash	81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114
request-id	EBC6:1F9980:10C5554:16719E2:69699275
html-safe-nonce	32e846f3c3e53897e0999dc54fc9e1d2a76b1040523eb94c4f088b45ff2f2390
visitor-payload	eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJFQkM2OjFGOTk4MDoxMEM1NTU0OjE2NzE5RTI6Njk2OTkyNzUiLCJ2aXNpdG9yX2lkIjoiODQxMjMyMzU5NTcwMTI5MzY4NSIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9
visitor-hmac	f01ba7eda4bca691ce8365726abb25876b58e942cadf6b90bfd4ff7bc900a272
hovercard-subject-tag	issue:1550444646
github-keyboard-shortcuts	repository,issues,copilot
google-site-verification	Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I
octolytics-url	https://collector.github.com/github/collect
analytics-location	///voltron/issues_fragments/issue_layout
fb:app_id	1401488693436528
apple-itunes-app	app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/python/cpython/101180/issue_layout
twitter:image	https://opengraph.githubassets.com/908a8dcb418a028ad2884d31d60dd619e654979fd6df500bf3c4ba316138a825/python/cpython/issues/101180
twitter:card	summary_large_image
og:image	https://opengraph.githubassets.com/908a8dcb418a028ad2884d31d60dd619e654979fd6df500bf3c4ba316138a825/python/cpython/issues/101180
og:image:alt	Bug report ==2729==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffef35c8f14 at pc 0x7f3e0254c47c bp 0x7ffef35c8e50 sp 0x7ffef35c8e48 READ of size 4 at 0x7ffef35c8f14 thread T0 #0 0x...
og:image:width	1200
og:image:height	600
og:site_name	GitHub
og:type	object
og:author:username	stasos24
hostname	github.com
expected-hostname	github.com
None	3542e147982176a7ebaa23dfb559c8af16f721c03ec560c68c56b64a0f35e751
turbo-cache-control	no-preview
go-import	github.com/python/cpython git https://github.com/python/cpython.git
octolytics-dimension-user_id	1525981
octolytics-dimension-user_login	python
octolytics-dimension-repository_id	81598961
octolytics-dimension-repository_nwo	python/cpython
octolytics-dimension-repository_public	true
octolytics-dimension-repository_is_fork	false
octolytics-dimension-repository_network_root_id	81598961
octolytics-dimension-repository_network_root_nwo	python/cpython
turbo-body-classes	logged-out env-production page-responsive
disable-turbo	false
browser-stats-url	https://api.github.com/_private/browser/stats
browser-errors-url	https://api.github.com/_private/browser/errors
release	af80af7cc9e3de9c336f18b208a600950a3c187c
ui-target	full
theme-color	#1e2327
color-scheme	light dark

Links:

Skip to content	https://github.com/python/cpython/issues/101180#start-of-content
	https://github.com/
Sign in	https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fpython%2Fcpython%2Fissues%2F101180
GitHub CopilotWrite better code with AI	https://github.com/features/copilot
GitHub SparkBuild and deploy intelligent apps	https://github.com/features/spark
GitHub ModelsManage and compare prompts	https://github.com/features/models
MCP RegistryNewIntegrate external tools	https://github.com/mcp
ActionsAutomate any workflow	https://github.com/features/actions
CodespacesInstant dev environments	https://github.com/features/codespaces
IssuesPlan and track work	https://github.com/features/issues
Code ReviewManage code changes	https://github.com/features/code-review
GitHub Advanced SecurityFind and fix vulnerabilities	https://github.com/security/advanced-security
Code securitySecure your code as you build	https://github.com/security/advanced-security/code-security
Secret protectionStop leaks before they start	https://github.com/security/advanced-security/secret-protection
Why GitHub	https://github.com/why-github
Documentation	https://docs.github.com
Blog	https://github.blog
Changelog	https://github.blog/changelog
Marketplace	https://github.com/marketplace
View all features	https://github.com/features
Enterprises	https://github.com/enterprise
Small and medium teams	https://github.com/team
Startups	https://github.com/enterprise/startups
Nonprofits	https://github.com/solutions/industry/nonprofits
App Modernization	https://github.com/solutions/use-case/app-modernization
DevSecOps	https://github.com/solutions/use-case/devsecops
DevOps	https://github.com/solutions/use-case/devops
CI/CD	https://github.com/solutions/use-case/ci-cd
View all use cases	https://github.com/solutions/use-case
Healthcare	https://github.com/solutions/industry/healthcare
Financial services	https://github.com/solutions/industry/financial-services
Manufacturing	https://github.com/solutions/industry/manufacturing
Government	https://github.com/solutions/industry/government
View all industries	https://github.com/solutions/industry
View all solutions	https://github.com/solutions
AI	https://github.com/resources/articles?topic=ai
Software Development	https://github.com/resources/articles?topic=software-development
DevOps	https://github.com/resources/articles?topic=devops
Security	https://github.com/resources/articles?topic=security
View all topics	https://github.com/resources/articles
Customer stories	https://github.com/customer-stories
Events & webinars	https://github.com/resources/events
Ebooks & reports	https://github.com/resources/whitepapers
Business insights	https://github.com/solutions/executive-insights
GitHub Skills	https://skills.github.com
Documentation	https://docs.github.com
Customer support	https://support.github.com
Community forum	https://github.com/orgs/community/discussions
Trust center	https://github.com/trust-center
Partners	https://github.com/partners
GitHub SponsorsFund open source developers	https://github.com/sponsors
Security Lab	https://securitylab.github.com
Maintainer Community	https://maintainers.github.com
Accelerator	https://github.com/accelerator
Archive Program	https://archiveprogram.github.com
Topics	https://github.com/topics
Trending	https://github.com/trending
Collections	https://github.com/collections
Enterprise platformAI-powered developer platform	https://github.com/enterprise
GitHub Advanced SecurityEnterprise-grade security features	https://github.com/security/advanced-security
Copilot for BusinessEnterprise-grade AI features	https://github.com/features/copilot/copilot-business
Premium SupportEnterprise-grade 24/7 support	https://github.com/premium-support
Pricing	https://github.com/pricing
Search syntax tips	https://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
documentation	https://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
Sign in	https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fpython%2Fcpython%2Fissues%2F101180
Sign up	https://github.com/signup?ref_cta=Sign+up&ref_loc=header+logged+out&ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E%2Fvoltron%2Fissues_fragments%2Fissue_layout&source=header-repo&source_repo=python%2Fcpython
Reload	https://github.com/python/cpython/issues/101180
Reload	https://github.com/python/cpython/issues/101180
Reload	https://github.com/python/cpython/issues/101180
python	https://github.com/python
cpython	https://github.com/python/cpython
Please reload this page	https://github.com/python/cpython/issues/101180
Notifications	https://github.com/login?return_to=%2Fpython%2Fcpython
Fork 33.9k	https://github.com/login?return_to=%2Fpython%2Fcpython
Star 71.1k	https://github.com/login?return_to=%2Fpython%2Fcpython
Code	https://github.com/python/cpython
Issues 5k+	https://github.com/python/cpython/issues
Pull requests 2.1k	https://github.com/python/cpython/pulls
Actions	https://github.com/python/cpython/actions
Projects 31	https://github.com/python/cpython/projects
Security Uh oh! There was an error while loading. Please reload this page.	https://github.com/python/cpython/security
Please reload this page	https://github.com/python/cpython/issues/101180
Insights	https://github.com/python/cpython/pulse
Code	https://github.com/python/cpython
Issues	https://github.com/python/cpython/issues
Pull requests	https://github.com/python/cpython/pulls
Actions	https://github.com/python/cpython/actions
Projects	https://github.com/python/cpython/projects
Security	https://github.com/python/cpython/security
Insights	https://github.com/python/cpython/pulse
New issue	https://github.com/login?return_to=https://github.com/python/cpython/issues/101180
New issue	https://github.com/login?return_to=https://github.com/python/cpython/issues/101180
Modules/cjkcodecs/_codecs_iso2022.c - read out of bounds	https://github.com/python/cpython/issues/101180#top
	https://github.com/gpshead
	https://github.com/vstinner
	https://github.com/hyeshik
	https://github.com/serhiy-storchaka
	https://github.com/corona10
topic-unicode	https://github.com/python/cpython/issues?q=state%3Aopen%20label%3A%22topic-unicode%22
type-bugAn unexpected behavior, bug, or error	https://github.com/python/cpython/issues?q=state%3Aopen%20label%3A%22type-bug%22
type-securityA security issue	https://github.com/python/cpython/issues?q=state%3Aopen%20label%3A%22type-security%22
	https://github.com/stasos24
	https://github.com/stasos24
stasos24	https://github.com/stasos24
on Jan 20, 2023	https://github.com/python/cpython/issues/101180#issue-1550444646
crashfile.txt	https://github.com/python/cpython/files/10464270/crashfile.txt
gh-101180: PR demonstrating the ASAN failure #101720	https://github.com/python/cpython/pull/101720
gh-101180: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 codecs read out of bounds #111695	https://github.com/python/cpython/pull/111695
[3.12] gh-101180: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 codecs read out of bounds (gh-111695) #111769	https://github.com/python/cpython/pull/111769
[3.11] gh-101180: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 co… #111771	https://github.com/python/cpython/pull/111771
[3.10] gh-101180: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 codecs read out of bounds (gh-111695) #111779	https://github.com/python/cpython/pull/111779
[3.9] gh-101180: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 codecs read out of bounds (gh-111695) #111780	https://github.com/python/cpython/pull/111780
[3.8] gh-101180: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 codecs read out of bounds (gh-111695) #111781	https://github.com/python/cpython/pull/111781
corona10	https://github.com/corona10
gpshead	https://github.com/gpshead
hyeshik	https://github.com/hyeshik
serhiy-storchaka	https://github.com/serhiy-storchaka
vstinner	https://github.com/vstinner
topic-unicode	https://github.com/python/cpython/issues?q=state%3Aopen%20label%3A%22topic-unicode%22
type-bugAn unexpected behavior, bug, or error	https://github.com/python/cpython/issues?q=state%3Aopen%20label%3A%22type-bug%22
type-securityA security issue	https://github.com/python/cpython/issues?q=state%3Aopen%20label%3A%22type-security%22
	https://github.com
Terms	https://docs.github.com/site-policy/github-terms/github-terms-of-service
Privacy	https://docs.github.com/site-policy/privacy-policies/github-privacy-statement
Security	https://github.com/security
Status	https://www.githubstatus.com/
Community	https://github.community/
Docs	https://docs.github.com/
Contact	https://support.github.com?tags=dotcom-footer

Viewport: width=device-width

URLs of crawlers that visited me.