[Python-checkins] r81897 - in python/branches/py3k: Lib/test/test_struct.py Modules/_struct.c
mark.dickinson
python-checkins at python.org
Fri Jun 11 18:56:34 CEST 2010
Author: mark.dickinson
Date: Fri Jun 11 18:56:34 2010
New Revision: 81897
Log:
Avoid possible undefined behaviour from signed overflow.
Modified:
python/branches/py3k/Lib/test/test_struct.py
python/branches/py3k/Modules/_struct.c
Modified: python/branches/py3k/Lib/test/test_struct.py
==============================================================================
--- python/branches/py3k/Lib/test/test_struct.py (original)
+++ python/branches/py3k/Lib/test/test_struct.py Fri Jun 11 18:56:34 2010
@@ -506,6 +506,11 @@
for c in [b'\x01', b'\x7f', b'\xff', b'\x0f', b'\xf0']:
self.assertTrue(struct.unpack('>?', c)[0])
+ def test_count_overflow(self):
+ hugecount = '{}b'.format(sys.maxsize+1)
+ self.assertRaises(struct.error, struct.calcsize, hugecount)
+
+
if IS32BIT:
def test_crasher(self):
self.assertRaises(MemoryError, struct.pack, "357913941b", "a")
Modified: python/branches/py3k/Modules/_struct.c
==============================================================================
--- python/branches/py3k/Modules/_struct.c (original)
+++ python/branches/py3k/Modules/_struct.c Fri Jun 11 18:56:34 2010
@@ -1186,14 +1186,17 @@
if ('0' <= c && c <= '9') {
num = c - '0';
while ('0' <= (c = *s++) && c <= '9') {
- x = num*10 + (c - '0');
- if (x/10 != num) {
+ /* overflow-safe version of
+ if (num*10 + (c - '0') > PY_SSIZE_T_MAX) { ... } */
+ if (num >= PY_SSIZE_T_MAX / 10 && (
+ num > PY_SSIZE_T_MAX / 10 ||
+ (c - '0') > PY_SSIZE_T_MAX % 10)) {
PyErr_SetString(
StructError,
"overflow in item count");
return -1;
}
- num = x;
+ num = num*10 + (c - '0');
}
if (c == '\0') {
PyErr_SetString(StructError,
More information about the Python-checkins
mailing list