mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-08-30 21:48:47 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

Issue #16147: PyUnicode_FromFormatV() now detects integer overflow when parsing

Browse source 
width and precision
This commit is contained in:
Victor Stinner 2012-10-06 23:05:00 +02:00
parent e215d960be
commit 3921e90c5a
1 changed files with 11 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

12
Objects/unicodeobject.c
View file

@ -2357,6 +2357,11 @@ unicode_fromformat_arg(_PyUnicodeWriter *writer,
/* parse the width.precision part, e.g. "%2.5s" => width=2, precision=5 */ /* parse the width.precision part, e.g. "%2.5s" => width=2, precision=5 */
width = 0; width = 0;
while (Py_ISDIGIT((unsigned)*f)) { while (Py_ISDIGIT((unsigned)*f)) {
if (width > (INT_MAX - ((int)*f - '0')) / 10) {
PyErr_SetString(PyExc_ValueError,
"width too big");
return NULL;
}
width = (width*10) + (*f - '0'); width = (width*10) + (*f - '0');
f++; f++;
} }
@ -2364,6 +2369,11 @@ unicode_fromformat_arg(_PyUnicodeWriter *writer,
if (*f == '.') { if (*f == '.') {
f++; f++;
while (Py_ISDIGIT((unsigned)*f)) { while (Py_ISDIGIT((unsigned)*f)) {
if (precision > (INT_MAX - ((int)*f - '0')) / 10) {
PyErr_SetString(PyExc_ValueError,
"precision too big");
return NULL;
}
precision = (precision*10) + (*f - '0'); precision = (precision*10) + (*f - '0');
f++; f++;
} }
@ -13589,7 +13599,7 @@ unicode_format_arg_parse(struct unicode_formatter_t *ctx,
break; break;
if (arg->prec > (INT_MAX - ((int)arg->ch - '0')) / 10) { if (arg->prec > (INT_MAX - ((int)arg->ch - '0')) / 10) {
PyErr_SetString(PyExc_ValueError, PyErr_SetString(PyExc_ValueError,
"prec too big"); "precision too big");
return -1; return -1;
} }
arg->prec = arg->prec*10 + (arg->ch - '0'); arg->prec = arg->prec*10 + (arg->ch - '0');