mirror of
https://github.com/pybind/pybind11.git
synced 2026-05-14 10:10:47 +00:00
* Fix heap-buffer-overflow in pythonbuf with undersized buffers (gh-5886)

The _sync() UTF-8 remainder logic can leave pptr() past the end of the allocated buffer when buf_size < 4: after moving up to 3 bytes of an incomplete UTF-8 sequence to the front, pbump(remainder) pushes pptr() beyond epptr() and the buffer boundary. The next overflow() then writes out of bounds.

Fix by clamping the buffer size to a minimum of 4 in the constructor, ensuring the maximum UTF-8 remainder (3 bytes) plus the overflow slot (1 byte) always fits within the allocated buffer.

Made-with: Cursor

* Avoid C++14 ODR-use linker error for minimum_buffer_size

std::max takes arguments by const&, which ODR-uses the static constexpr member and requires an out-of-line definition in C++14. Replace with a ternary expression that uses the value without taking its address.

Made-with: Cursor
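The invariant described in the commit message above, as an added example that is not pybind11's code: a minimal stand-in streambuf that carries an incomplete UTF-8 tail across flushes and clamps its size to 4 with a ternary. The names `Utf8CarryBuf` and `roundtrip`, and the `std::string` sink used in place of the Python stream, are assumptions made for the illustration.

```cpp
#include <cstring>
#include <ostream>
#include <streambuf>
#include <string>
class Utf8CarryBuf : public std::streambuf { // hypothetical name, not pybind11's class
    // 3 bytes of incomplete UTF-8 remainder + 1 byte overflow slot.
    static constexpr std::size_t minimum_buffer_size = 4;
    std::size_t size_;
    std::string data_, sink_; // buffer storage; sink_ stands in for the Python stream
    static std::size_t remainder(const char *b, std::size_t n) { // trailing incomplete bytes, 0..3
        for (std::size_t back = 1; back <= 3 && back <= n; ++back) {
            unsigned char c = static_cast<unsigned char>(b[n - back]);
            if ((c & 0xC0) == 0x80) continue; // continuation byte, keep scanning back
            std::size_t need = c >= 0xF0 ? 4 : c >= 0xE0 ? 3 : c >= 0xC0 ? 2 : 1;
            return need > back ? back : 0; // lead byte: incomplete only if bytes are missing
        }
        return 0;
    }
    int sync() override {
        std::size_t n = static_cast<std::size_t>(pptr() - pbase());
        std::size_t rem = remainder(pbase(), n);
        sink_.append(pbase(), n - rem); // emit only whole code points
        std::memmove(&data_[0], pbase() + (n - rem), rem);
        setp(&data_[0], &data_[0] + size_ - 1); // last byte reserved for overflow()
        // In bounds only because size_ >= 4: rem <= 3 <= size_ - 1, so pptr() <= epptr().
        pbump(static_cast<int>(rem));
        return 0;
    }
    int_type overflow(int_type c) override {
        if (!traits_type::eq_int_type(c, traits_type::eof())) {
            *pptr() = traits_type::to_char_type(c); // writes into the reserved slot
            pbump(1);
        }
        return sync() == 0 ? traits_type::not_eof(c) : traits_type::eof();
    }
public:
    // Ternary instead of std::max, which binds const& and ODR-uses the member in C++14.
    explicit Utf8CarryBuf(std::size_t requested)
        : size_(requested < minimum_buffer_size ? minimum_buffer_size : requested),
          data_(size_, '\0') { setp(&data_[0], &data_[0] + size_ - 1); }
    std::size_t capacity() const { return size_; }
    const std::string &sink() const { return sink_; }
};
std::string roundtrip(std::size_t requested, const std::string &text) {
    Utf8CarryBuf buf(requested);
    std::ostream os(&buf);
    os << text << std::flush; // constructed input is supplied by the caller
    return buf.sink();
}
```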