[Python-checkins] cpython: Issue #16147: PyUnicode_FromFormatV() now detects integer overflow when parsing
victor.stinner
python-checkins at python.org
Sat Oct 6 23:18:32 CEST 2012
http://hg.python.org/cpython/rev/d1369daeb9ec
changeset: 79543:d1369daeb9ec
user: Victor Stinner <victor.stinner at gmail.com>
date: Sat Oct 06 23:05:00 2012 +0200
summary:
Issue #16147: PyUnicode_FromFormatV() now detects integer overflow when parsing
width and precision
files:
Objects/unicodeobject.c | 12 +++++++++++-
1 files changed, 11 insertions(+), 1 deletions(-)
diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c
@@ -2357,6 +2357,11 @@
/* parse the width.precision part, e.g. "%2.5s" => width=2, precision=5 */
width = 0;
while (Py_ISDIGIT((unsigned)*f)) {
+ if (width > (INT_MAX - ((int)*f - '0')) / 10) {
+ PyErr_SetString(PyExc_ValueError,
+ "width too big");
+ return NULL;
+ }
width = (width*10) + (*f - '0');
f++;
}
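Review bot: The guard added before `width = (width*10) + (*f - '0')` carries no comment, and its bound is exact only if `width` is an `int`; the declaration sits outside this hunk, so that is worth confirming. I would add `/* checked before the multiply: width*10 + digit must not exceed INT_MAX, signed overflow is undefined */` above the `if`, and the same above the `precision` check in the next hunk. The enclosing function starts and ends outside the hunk, so whether the early `return NULL` skips any cleanup cannot be seen from here. The diffstat lists only Objects/unicodeobject.c, so a regression test that passes a format whose width or precision exceeds INT_MAX and asserts ValueError would pin the new behaviour.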
@@ -2364,6 +2369,11 @@
if (*f == '.') {
f++;
while (Py_ISDIGIT((unsigned)*f)) {
+ if (precision > (INT_MAX - ((int)*f - '0')) / 10) {
+ PyErr_SetString(PyExc_ValueError,
+ "precision too big");
+ return NULL;
+ }
precision = (precision*10) + (*f - '0');
f++;
}
@@ -13589,7 +13599,7 @@
break;
if (arg->prec > (INT_MAX - ((int)arg->ch - '0')) / 10) {
PyErr_SetString(PyExc_ValueError,
- "prec too big");
+ "precision too big");
return -1;
}
arg->prec = arg->prec*10 + (arg->ch - '0');
--
Repository URL: http://hg.python.org/cpython