diff --git a/Lib/test/string_tests.py b/Lib/test/string_tests.py
index 9bb0ce7bb57f8b..8dcfa98f85b075 100644
--- a/Lib/test/string_tests.py
+++ b/Lib/test/string_tests.py
@@ -767,6 +767,15 @@ def test_replace(self):
self.checkraises(TypeError, 'hello', 'replace', 42, 'h')
self.checkraises(TypeError, 'hello', 'replace', 'h', 42)
+ def test_replacement_on_buffer_boundary(self):
+ # gh-127971: Check we don't read past the end of the buffer when a
+ # potential match misses on the last character.
+ any_3_nonblank_codepoints = '!!!'
+ seven_codepoints = any_3_nonblank_codepoints + ' ' + any_3_nonblank_codepoints
+ a = (' ' * 243) + seven_codepoints + (' ' * 7)
+ b = ' ' * 6 + chr(256)
+ a.replace(seven_codepoints, b)
+
def test_replace_uses_two_way_maxcount(self):
# Test that maxcount works in _two_way_count in fastsearch.h
A, B = "A"*1000, "B"*1000
diff --git a/Misc/NEWS.d/next/Core and Builtins/2025-04-16-12-01-13.gh-issue-127971.pMDOQ0.rst b/Misc/NEWS.d/next/Core and Builtins/2025-04-16-12-01-13.gh-issue-127971.pMDOQ0.rst
new file mode 100644
index 00000000000000..ced7a9c9fd3e63
--- /dev/null
+++ b/Misc/NEWS.d/next/Core and Builtins/2025-04-16-12-01-13.gh-issue-127971.pMDOQ0.rst
@@ -0,0 +1 @@
+Fix off-by-one read beyond the end of a string in string search.
diff --git a/Objects/stringlib/fastsearch.h b/Objects/stringlib/fastsearch.h
index 257b7bd6788ad2..513250c08be104 100644
--- a/Objects/stringlib/fastsearch.h
+++ b/Objects/stringlib/fastsearch.h
@@ -588,7 +588,7 @@ STRINGLIB(default_find)(const STRINGLIB_CHAR* s, Py_ssize_t n,
continue;
}
/* miss: check if next character is part of pattern */
- if (!STRINGLIB_BLOOM(mask, ss[i+1])) {
+ if (i + 1 <= w && !STRINGLIB_BLOOM(mask, ss[i+1])) {
i = i + m;
}
else {
@@ -597,7 +597,7 @@ STRINGLIB(default_find)(const STRINGLIB_CHAR* s, Py_ssize_t n,
}
else {
/* skip: check if next character is part of pattern */
- if (!STRINGLIB_BLOOM(mask, ss[i+1])) {
+ if (i + 1 <= w && !STRINGLIB_BLOOM(mask, ss[i+1])) {
i = i + m;
}
}
@@ -661,7 +661,7 @@ STRINGLIB(adaptive_find)(const STRINGLIB_CHAR* s, Py_ssize_t n,
}
}
/* miss: check if next character is part of pattern */
- if (!STRINGLIB_BLOOM(mask, ss[i+1])) {
+ if (i + 1 <= w && !STRINGLIB_BLOOM(mask, ss[i+1])) {
i = i + m;
}
else {
@@ -670,7 +670,7 @@ STRINGLIB(adaptive_find)(const STRINGLIB_CHAR* s, Py_ssize_t n,
}
else {
/* skip: check if next character is part of pattern */
- if (!STRINGLIB_BLOOM(mask, ss[i+1])) {
+ if (i + 1 <= w && !STRINGLIB_BLOOM(mask, ss[i+1])) {
i = i + m;
}
}
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy