[3.13] gh-124248: Fix crash in struct when processing 0p fields (GH-124251) (#124277)

gh-124248: Fix crash in struct when processing 0p fields (GH-124251) (cherry picked from commit 63f196090f) Co-authored-by: Brian Schubert <brianm.schubert@gmail.com>
2025-10-31 05:31:20 +00:00 · 2024-09-30 03:06:32 +02:00 · 2024-09-30 03:06:32 +02:00 · dddae6647e
commit dddae6647e
parent 7f101dcfeb
4 changed files with 27 additions and 4 deletions
--- a/Lib/test/test_struct.py
+++ b/Lib/test/test_struct.py
@ -96,6 +96,13 @@ def test_new_features(self):
            ('10s', b'helloworld', b'helloworld', b'helloworld', 0),
            ('11s', b'helloworld', b'helloworld\0', b'helloworld\0', 1),
            ('20s', b'helloworld', b'helloworld'+10*b'\0', b'helloworld'+10*b'\0', 1),
+            ('0p', b'helloworld', b'', b'', 1),
+            ('1p', b'helloworld', b'\x00', b'\x00', 1),
+            ('2p', b'helloworld', b'\x01h', b'\x01h', 1),
+            ('10p', b'helloworld', b'\x09helloworl', b'\x09helloworl', 1),
+            ('11p', b'helloworld', b'\x0Ahelloworld', b'\x0Ahelloworld', 0),
+            ('12p', b'helloworld', b'\x0Ahelloworld\0', b'\x0Ahelloworld\0', 1),
+            ('20p', b'helloworld', b'\x0Ahelloworld'+9*b'\0', b'\x0Ahelloworld'+9*b'\0', 1),
            ('b', 7, b'\7', b'\7', 0),
            ('b', -7, b'\371', b'\371', 0),
            ('B', 7, b'\7', b'\7', 0),
@ -339,6 +346,7 @@ def assertStructError(func, *args, **kwargs):
    def test_p_code(self):
        # Test p ("Pascal string") code.
        for code, input, expected, expectedback in [
+                ('0p', b'abc', b'',                b''),
                ('p',  b'abc', b'\x00',            b''),
                ('1p', b'abc', b'\x00',            b''),
                ('2p', b'abc', b'\x01a',           b'a'),
@ -580,6 +588,7 @@ def test__sizeof__(self):
        self.check_sizeof('187s', 1)
        self.check_sizeof('20p', 1)
        self.check_sizeof('0s', 1)
+        self.check_sizeof('0p', 1)
        self.check_sizeof('0c', 0)

    def test_boundary_error_message(self):
--- a/Misc/ACKS
+++ b/Misc/ACKS
@ -1652,6 +1652,7 @@ Scott Schram
 Robin Schreiber
 Chad J. Schroeder
 Simon-Martin Schroeder
+Brian Schubert
 Christian Schubert
 Sam Schulenburg
 Andreas Schwab
--- a/Misc/NEWS.d/next/Library/2024-09-19-11-47-39.gh-issue-124248.g7rufd.rst
+++ b/Misc/NEWS.d/next/Library/2024-09-19-11-47-39.gh-issue-124248.g7rufd.rst
@ -0,0 +1,2 @@
+Fixed potential crash when using :mod:`struct` to process zero-width
+'Pascal string' fields (``0p``).
--- a/Modules/_struct.c
+++ b/Modules/_struct.c
@ -1669,9 +1669,16 @@ s_unpack_internal(PyStructObject *soself, const char *startfrom,
            if (e->format == 's') {
                v = PyBytes_FromStringAndSize(res, code->size);
            } else if (e->format == 'p') {
-                Py_ssize_t n = *(unsigned char*)res;
-                if (n >= code->size)
-                    n = code->size - 1;
+                Py_ssize_t n;
+                if (code->size == 0) {
+                    n = 0;
+                }
+                else {
+                    n = *(unsigned char*)res;
+                    if (n >= code->size) {
+                        n = code->size - 1;
+                    }
+                }
                v = PyBytes_FromStringAndSize(res + 1, n);
            } else {
                v = e->unpack(state, res, e);
@ -1982,8 +1989,12 @@ s_pack_internal(PyStructObject *soself, PyObject *const *args, int offset,
                    n = PyByteArray_GET_SIZE(v);
                    p = PyByteArray_AS_STRING(v);
                }
-                if (n > (code->size - 1))
+                if (code->size == 0) {
+                    n = 0;
+                }
+                else if (n > (code->size - 1)) {
                    n = code->size - 1;
+                }
                if (n > 0)
                    memcpy(res + 1, p, n);
                if (n > 255)