[Python-checkins] cpython (3.4): do not allow reading negative values with getstr()
benjamin.peterson
python-checkins at python.org
Sat Aug 13 21:21:42 EDT 2016
https://hg.python.org/cpython/rev/d5f6bc45b376
changeset: 102642:d5f6bc45b376
branch: 3.4
parent: 102638:10b89df93c58
user: Benjamin Peterson <benjamin at python.org>
date: Sat Aug 13 18:15:28 2016 -0700
summary:
do not allow reading negative values with getstr()
files:
Lib/test/test_curses.py | 3 +++
Misc/NEWS | 3 +++
Modules/_cursesmodule.c | 8 ++++++++
3 files changed, 14 insertions(+), 0 deletions(-)
diff --git a/Lib/test/test_curses.py b/Lib/test/test_curses.py
--- a/Lib/test/test_curses.py
+++ b/Lib/test/test_curses.py
@@ -163,6 +163,9 @@
if hasattr(curses, 'enclose'):
stdscr.enclose()
+ self.assertRaises(ValueError, stdscr.getstr, -400)
+ self.assertRaises(ValueError, stdscr.getstr, 2, 3, -400)
+
def test_module_funcs(self):
"Test module-level functions"
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -13,6 +13,9 @@
Library
-------
+- In the curses module, raise an error if window.getstr() is passed a negative
+ value.
+
- Issue #27758: Fix possible integer overflow in the _csv module for large record
lengths.
diff --git a/Modules/_cursesmodule.c b/Modules/_cursesmodule.c
--- a/Modules/_cursesmodule.c
+++ b/Modules/_cursesmodule.c
@@ -1284,6 +1284,10 @@
case 1:
if (!PyArg_ParseTuple(args,"i;n", &n))
return NULL;
+ if (n < 0) {
+ PyErr_SetString(PyExc_ValueError, "'n' must be nonnegative");
+ return NULL;
+ }
Py_BEGIN_ALLOW_THREADS
rtn2 = wgetnstr(self->win, rtn, Py_MIN(n, 1023));
Py_END_ALLOW_THREADS
@@ -1302,6 +1306,10 @@
case 3:
if (!PyArg_ParseTuple(args,"iii;y,x,n", &y, &x, &n))
return NULL;
+ if (n < 0) {
+ PyErr_SetString(PyExc_ValueError, "'n' must be nonnegative");
+ return NULL;
+ }
#ifdef STRICT_SYSV_CURSES
Py_BEGIN_ALLOW_THREADS
rtn2 = wmove(self->win,y,x)==ERR ? ERR :
--
Repository URL: https://hg.python.org/cpython
More information about the Python-checkins
mailing list