[Python-checkins] r77638 - python/branches/py3k-cdecimal/Modules/cdecimal/io.c
stefan.krah
python-checkins at python.org
Thu Jan 21 16:18:44 CET 2010
Author: stefan.krah
Date: Thu Jan 21 16:18:39 2010
New Revision: 77638
Log:
Guard against absurd combinations of min_width and multi-byte separators.
Modified:
python/branches/py3k-cdecimal/Modules/cdecimal/io.c
Modified: python/branches/py3k-cdecimal/Modules/cdecimal/io.c
==============================================================================
--- python/branches/py3k-cdecimal/Modules/cdecimal/io.c (original)
+++ python/branches/py3k-cdecimal/Modules/cdecimal/io.c Thu Jan 21 16:18:39 2010
@@ -17,6 +17,7 @@
#include "memory.h"
#include "mpdecimal.h"
#include "typearith.h"
+#include "io.h"
/*
@@ -54,7 +55,6 @@
return retval;
}
-
/*
* Scan 'len' words. The most significant word contains 'r' digits,
* the remaining words are full words. Skip dpoint. The string 's' must
@@ -780,6 +780,13 @@
return 1;
}
+/*
+ * The following functions assume that spec->min_width <= MPD_MAX_PREC, which
+ * is made sure in mpd_qformat_spec. Then, even with a spec that inserts a
+ * four-byte separator after each digit, nbytes in the following struct
+ * cannot overflow.
+ */
+
/* Multibyte string */
typedef struct {
mpd_ssize_t nbytes; /* length in bytes */
@@ -977,11 +984,12 @@
n_fill = strlen(spec->fill);
add_chars = (spec->min_width - result->nchars);
- add_bytes = mul_size_t(add_chars, n_fill);
+ /* max value: MPD_MAX_PREC * 4 */
+ add_bytes = add_chars * n_fill;
- cp = result->data = mpd_realloc(result->data,
- result->nbytes+add_bytes+1,
- sizeof *result->data, &err);
+ cp = result->data = mpd_realloc(result->data,
+ result->nbytes+add_bytes+1,
+ sizeof *result->data, &err);
if (err) {
*status |= MPD_Malloc_error;
mpd_free(result->data);
@@ -1048,6 +1056,10 @@
int flags = 0;
+ if (spec->min_width > MPD_MAX_PREC) {
+ return NULL;
+ }
+
if (!mpd_qcopy(&tmp, dec, status)) {
return NULL;
}
More information about the Python-checkins
mailing list