Off by one error in cgi.FieldStorage(max_num_fields) #79209

matthewbelisle-wf · 2018-10-19T18:36:57Z

BPO	35028
Nosy	@miss-islington, @matthewbelisle-wf
PRs	bpo-35028: cgi: Fix max_num_fields off by one error #9973 [3.7] bpo-35028: cgi: Fix max_num_fields off by one error (GH-9973) #10053 [3.6] bpo-35028: cgi: Fix max_num_fields off by one error (GH-9973) #10054

^{Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.}

Show more details

GitHub fields:

assignee = None
closed_at = <Date 2019-08-28.01:16:38.120>
created_at = <Date 2018-10-19.18:36:56.897>
labels = ['3.7', '3.8', 'type-bug', 'library']
title = 'Off by one error in cgi.FieldStorage(max_num_fields)'
updated_at = <Date 2019-08-28.01:16:38.120>
user = 'https://github.com/matthewbelisle-wf'

bugs.python.org fields:

activity = <Date 2019-08-28.01:16:38.120>
actor = 'benjamin.peterson'
assignee = 'none'
closed = True
closed_date = <Date 2019-08-28.01:16:38.120>
closer = 'benjamin.peterson'
components = ['Library (Lib)']
creation = <Date 2018-10-19.18:36:56.897>
creator = 'Matthew Belisle'
dependencies = []
files = []
hgrepos = []
issue_num = 35028
keywords = ['patch']
message_count = 4.0
messages = ['328060', '328291', '328303', '328304']
nosy_count = 2.0
nosy_names = ['miss-islington', 'Matthew Belisle']
pr_nums = ['9973', '10053', '10054']
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'behavior'
url = 'https://bugs.python.org/issue35028'
versions = ['Python 3.6', 'Python 3.7', 'Python 3.8']

matthewbelisle-wf · 2018-10-19T18:36:57Z

The cgi.FieldStorage class added in #9660 has an off by one error in the logic for recursively nested objects. The problem is that sub_max_num_fields should be initialized outside of the while loop, not inside of it. Adding a unit test to cover this case.

Note: This problem does not exist in the 2.7 backport in #9969.

miss-islington · 2018-10-23T08:14:43Z

New changeset b79b5c0 by Miss Islington (bot) (matthewbelisle-wf) in branch 'master':
bpo-35028: cgi: Fix max_num_fields off by one error (GH-9973)
b79b5c0

miss-islington · 2018-10-23T10:54:48Z

New changeset 58b614a by Miss Islington (bot) in branch '3.6':
bpo-35028: cgi: Fix max_num_fields off by one error (GH-9973)
58b614a

miss-islington · 2018-10-23T10:54:56Z

New changeset 178bf58 by Miss Islington (bot) in branch '3.7':
bpo-35028: cgi: Fix max_num_fields off by one error (GH-9973)
178bf58

matthewbelisle-wf mannequin added 3.7 (EOL) end of life 3.8 (EOL) end of life stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error labels Oct 19, 2018

benjaminp closed this as completed Aug 28, 2019

ezio-melotti transferred this issue from another repository Apr 10, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Off by one error in cgi.FieldStorage(max_num_fields) #79209

Off by one error in cgi.FieldStorage(max_num_fields) #79209

matthewbelisle-wf mannequin commented Oct 19, 2018

matthewbelisle-wf mannequin commented Oct 19, 2018

miss-islington commented Oct 23, 2018

miss-islington commented Oct 23, 2018

miss-islington commented Oct 23, 2018

Off by one error in cgi.FieldStorage(max_num_fields) #79209

Off by one error in cgi.FieldStorage(max_num_fields) #79209

Comments

matthewbelisle-wf mannequin commented Oct 19, 2018

matthewbelisle-wf mannequin commented Oct 19, 2018

miss-islington commented Oct 23, 2018

miss-islington commented Oct 23, 2018

miss-islington commented Oct 23, 2018