binascii.a2b_uu() reads past the end of empty buffer

[serhiy-storchaka]

Bug report

When pass an empty buffer to binascii.a2b_uu(), it reads a byte past the end of the empty buffer and returns the bytes object of the length encoded in that byte. For example:

>>> import binascii
>>> binascii.a2b_uu(memoryview(b'#86)C')[:0])
b'\x00\x00\x00'

When pass an empty bytes or bytearray object, it returns the bytes object of length 32, because they always have a null byte past the end.

>>> binascii.a2b_uu(b'')
b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'

In general, reading past the end of the buffer is an undefined behavior. It can cause segfault if the empty buffer refers to the end of mmaped memory.

[maurycy]

@serhiy-storchaka Just?

     /* First byte: binary data length (in bytes) */
-    bin_len = (*ascii_data++ - ' ') & 077;
-    ascii_len--;
+    if (ascii_len == 0) {
+        bin_len = 0;
+    } else {
+        bin_len = (*ascii_data++ - ' ') & 077;
+        ascii_len--;
+    }

[serhiy-storchaka]

I think it would be better to report it as error.