[Python-checkins] [2.7] bpo-35552: Fix reading past the end in PyString_FromFormat(). (GH-11276) (GH-11534)
Serhiy Storchaka
webhook-mailer at python.org
Sat Jan 12 04:21:01 EST 2019
https://github.com/python/cpython/commit/555755ecff2669f4e020147d7d3a0aec71abb679
commit: 555755ecff2669f4e020147d7d3a0aec71abb679
branch: 2.7
author: Serhiy Storchaka <storchaka at gmail.com>
committer: GitHub <noreply at github.com>
date: 2019-01-12T11:20:50+02:00
summary:
[2.7] bpo-35552: Fix reading past the end in PyString_FromFormat(). (GH-11276) (GH-11534)
Format character "%s" in PyString_FromFormat() no longer read memory
past the limit if precision is specified.
(cherry picked from commit d586ccb04f79863c819b212ec5b9d873964078e4)
files:
A Misc/NEWS.d/next/Core and Builtins/2018-12-21-13-29-30.bpo-35552.1DzQQc.rst
M Objects/stringobject.c
diff --git a/Misc/NEWS.d/next/Core and Builtins/2018-12-21-13-29-30.bpo-35552.1DzQQc.rst b/Misc/NEWS.d/next/Core and Builtins/2018-12-21-13-29-30.bpo-35552.1DzQQc.rst
new file mode 100644
index 000000000000..47ff76ac2624
--- /dev/null
+++ b/Misc/NEWS.d/next/Core and Builtins/2018-12-21-13-29-30.bpo-35552.1DzQQc.rst
@@ -0,0 +1,2 @@
+Format character ``%s`` in :c:func:`PyString_FromFormat` no longer read
+memory past the limit if *precision* is specified.
diff --git a/Objects/stringobject.c b/Objects/stringobject.c
index efb0d1401b96..c47d32f4060f 100644
--- a/Objects/stringobject.c
+++ b/Objects/stringobject.c
@@ -360,9 +360,15 @@ PyString_FromFormatV(const char *format, va_list vargs)
break;
case 's':
p = va_arg(vargs, char*);
- i = strlen(p);
- if (n > 0 && i > n)
- i = n;
+ if (n <= 0) {
+ i = strlen(p);
+ }
+ else {
+ i = 0;
+ while (i < n && p[i]) {
+ i++;
+ }
+ }
Py_MEMCPY(s, p, i);
s += i;
break;
More information about the Python-checkins
mailing list