[Python-checkins] cpython (3.3): fix overflow checking in PyBytes_Repr (closes #22519)
benjamin.peterson
python-checkins at python.org
Tue Sep 30 01:11:12 CEST 2014
https://hg.python.org/cpython/rev/f5c662a7f7e6
changeset: 92637:f5c662a7f7e6
branch: 3.3
parent: 92632:88332ea4c140
user: Benjamin Peterson <benjamin at python.org>
date: Mon Sep 29 19:01:18 2014 -0400
summary:
fix overflow checking in PyBytes_Repr (closes #22519)
files:
Misc/NEWS | 2 ++
Objects/bytesobject.c | 28 ++++++++++++++++------------
2 files changed, 18 insertions(+), 12 deletions(-)
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -10,6 +10,8 @@
Core and Builtins
-----------------
+- Issue #22519: Fix overflow checking in PyBytes_Repr.
+
- Issue #22518: Fix integer overflow issues in latin-1 encoding.
Library
diff --git a/Objects/bytesobject.c b/Objects/bytesobject.c
--- a/Objects/bytesobject.c
+++ b/Objects/bytesobject.c
@@ -593,28 +593,27 @@
newsize = 3; /* b'' */
s = (unsigned char*)op->ob_sval;
for (i = 0; i < length; i++) {
+ Py_ssize_t incr = 1;
switch(s[i]) {
- case '\'': squotes++; newsize++; break;
- case '"': dquotes++; newsize++; break;
+ case '\'': squotes++; break;
+ case '"': dquotes++; break;
case '\\': case '\t': case '\n': case '\r':
- newsize += 2; break; /* \C */
+ incr = 2; break; /* \C */
default:
if (s[i] < ' ' || s[i] >= 0x7f)
- newsize += 4; /* \xHH */
- else
- newsize++;
+ incr = 4; /* \xHH */
}
+ if (newsize > PY_SSIZE_T_MAX - incr)
+ goto overflow;
+ newsize += incr;
}
quote = '\'';
if (smartquotes && squotes && !dquotes)
quote = '"';
- if (squotes && quote == '\'')
+ if (squotes && quote == '\'') {
+ if (newsize > PY_SSIZE_T_MAX - squotes)
+ goto overflow;
newsize += squotes;
-
- if (newsize > (PY_SSIZE_T_MAX - sizeof(PyUnicodeObject) - 1)) {
- PyErr_SetString(PyExc_OverflowError,
- "bytes object is too large to make repr");
- return NULL;
}
v = PyUnicode_New(newsize, 127);
@@ -646,6 +645,11 @@
*p++ = quote;
assert(_PyUnicode_CheckConsistency(v, 1));
return v;
+
+ overflow:
+ PyErr_SetString(PyExc_OverflowError,
+ "bytes object is too large to make repr");
+ return NULL;
}
static PyObject *
--
Repository URL: https://hg.python.org/cpython
More information about the Python-checkins
mailing list