File CVE-2014-4616-json-bounds-check.patch of Package python3.openSUSE_13.1_Update

# HG changeset patch
# User Benjamin Peterson <benjamin@python.org>
# Date 1397442496 14400
# Node ID 4f15bd1ab28fe25c2e381ab05b11b60ce42fe613
# Parent  b49d990aaa9d708a8c3174f6d51b8e069040ffe4# Parent  8130b8c066062bc589d337aebd3da4b156ee7f45
merge 3.2

Index: Python-3.3.5/Lib/test/test_json/test_decode.py
===================================================================
--- Python-3.3.5.orig/Lib/test/test_json/test_decode.py	2014-06-26 18:54:52.172548408 +0200
+++ Python-3.3.5/Lib/test/test_json/test_decode.py	2014-06-26 18:54:55.108562706 +0200
@@ -70,5 +70,9 @@
         msg = 'escape'
         self.assertRaisesRegex(ValueError, msg, self.loads, s)
 
+    def test_negative_index(self):
+        d = self.json.JSONDecoder()
+        self.assertRaises(ValueError, d.raw_decode, 'a'*42, -50000)
+
 class TestPyDecode(TestDecode, PyTest): pass
 class TestCDecode(TestDecode, CTest): pass
Index: Python-3.3.5/Misc/ACKS
===================================================================
--- Python-3.3.5.orig/Misc/ACKS	2014-06-26 18:54:52.173548413 +0200
+++ Python-3.3.5/Misc/ACKS	2014-06-26 18:54:55.108562706 +0200
@@ -1311,6 +1311,7 @@
 Alex Volkov
 Martijn Vries
 Sjoerd de Vries
+Guido Vranken
 Niki W. Waibel
 Wojtek Walczak
 Charles Waldman
Index: Python-3.3.5/Modules/_json.c
===================================================================
--- Python-3.3.5.orig/Modules/_json.c	2014-06-26 18:54:52.174548417 +0200
+++ Python-3.3.5/Modules/_json.c	2014-06-26 18:54:55.110562715 +0200
@@ -975,7 +975,10 @@
     kind = PyUnicode_KIND(pystr);
     length = PyUnicode_GET_LENGTH(pystr);
 
-    if (idx >= length) {
+    if (idx < 0)
+        /* Compatibility with Python version. */
+        idx += length;
+    if (idx < 0 || idx >= length) {
         PyErr_SetNone(PyExc_StopIteration);
         return NULL;
     }