[3.13] gh-148093: Raise binascii.Error from binascii.a2b_uu() on empty input (GH-149077) (GH-149349)

Instead of reading past the end of the empty buffer.
(cherry picked from commit 0c6d2f6)

Co-authored-by: Maurycy Pawłowski-Wieroński <maurycy@maurycy.com>

Author: miss-islington

Lib/test/test_binascii.py

@@ -240,6 +240,10 @@ def test_uu(self):
         self.assertEqual(binascii.a2b_uu(b"\xff"), b"\x00"*31)
         self.assertRaises(binascii.Error, binascii.a2b_uu, b"\xff\x00")
         self.assertRaises(binascii.Error, binascii.a2b_uu, b"!!!!")
+        self.assertRaises(binascii.Error, binascii.a2b_uu,
+                          self.type2test(b""))
+        self.assertRaises(binascii.Error, binascii.a2b_uu,
+                          self.type2test(b"#86)C")[:0])
         self.assertRaises(binascii.Error, binascii.b2a_uu, 46*b"!")
 
         # Issue #7701 (crash on a pydebug build)
@@ -447,6 +451,9 @@ def test_empty_string(self):
                 binascii.crc_hqx(empty, 0)
                 continue
             f = getattr(binascii, func)
+            if func == 'a2b_uu':
+                self.assertRaises(binascii.Error, f, empty)
+                continue
             try:
                 f(empty)
             except Exception as err:

Misc/NEWS.d/next/Library/2026-04-27-22-34-09.gh-issue-148093.9pWceM.rst

@@ -0,0 +1,2 @@
+Fix an out-of-bounds read of one byte in :func:`binascii.a2b_uu`. Raise
+:exc:`binascii.Error`, instead of reading past the buffer end.

Modules/binascii.c

@@ -219,6 +219,14 @@ binascii_a2b_uu_impl(PyObject *module, Py_buffer *data)
     assert(ascii_len >= 0);
 
     /* First byte: binary data length (in bytes) */
+    if (ascii_len == 0) {
+        state = get_binascii_state(module);
+        if (state == NULL) {
+            return NULL;
+        }
+        PyErr_SetString(state->Error, "Missing length byte");
+        return NULL;
+    }
     bin_len = (*ascii_data++ - ' ') & 077;
     ascii_len--;