[Python-checkins] cpython (3.3): Issue #19969: PyBytes_FromFormatV() now raises an OverflowError if "%c"
victor.stinner
python-checkins at python.org
Fri Dec 13 12:47:52 CET 2013
http://hg.python.org/cpython/rev/68e0dbc492de
changeset: 87932:68e0dbc492de
branch: 3.3
parent: 87928:08c95dd68cfc
user: Victor Stinner <victor.stinner at gmail.com>
date: Fri Dec 13 12:14:44 2013 +0100
summary:
Issue #19969: PyBytes_FromFormatV() now raises an OverflowError if "%c"
argument is not in range [0; 255].
files:
Lib/test/test_bytes.py | 6 ++++++
Misc/NEWS | 3 +++
Objects/bytesobject.c | 19 ++++++++++++++++---
3 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/Lib/test/test_bytes.py b/Lib/test/test_bytes.py
--- a/Lib/test/test_bytes.py
+++ b/Lib/test/test_bytes.py
@@ -729,6 +729,12 @@
self.assertEqual(PyBytes_FromFormat(b's:%s', c_char_p(b'cstr')),
b's:cstr')
+ # Issue #19969
+ self.assertRaises(OverflowError,
+ PyBytes_FromFormat, b'%c', c_int(-1))
+ self.assertRaises(OverflowError,
+ PyBytes_FromFormat, b'%c', c_int(256))
+
class ByteArrayTest(BaseBytesTest, unittest.TestCase):
type2test = bytearray
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -10,6 +10,9 @@
Core and Builtins
-----------------
+- Issue #19969: PyBytes_FromFormatV() now raises an OverflowError if "%c"
+ argument is not in range [0; 255].
+
- Issue #14432: Generator now clears the borrowed reference to the thread
state. Fix a crash when a generator is created in a C thread that is
destroyed while the generator is still used. The issue was that a generator
diff --git a/Objects/bytesobject.c b/Objects/bytesobject.c
--- a/Objects/bytesobject.c
+++ b/Objects/bytesobject.c
@@ -186,8 +186,17 @@
switch (*f) {
case 'c':
- (void)va_arg(count, int);
- /* fall through... */
+ {
+ int c = va_arg(count, int);
+ if (c < 0 || c > 255) {
+ PyErr_SetString(PyExc_OverflowError,
+ "PyBytes_FromFormatV(): %c format "
+ "expects an integer in range [0; 255]");
+ return NULL;
+ }
+ n++;
+ break;
+ }
case '%':
n++;
break;
@@ -267,8 +276,12 @@
switch (*f) {
case 'c':
- *s++ = va_arg(vargs, int);
+ {
+ int c = va_arg(vargs, int);
+ /* c has been checked for overflow in the first step */
+ *s++ = (unsigned char)c;
break;
+ }
case 'd':
if (longflag)
sprintf(s, "%ld", va_arg(vargs, long));
--
Repository URL: http://hg.python.org/cpython
More information about the Python-checkins
mailing list