mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-12-08 02:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

add overflow checking (closes #23361)

Browse source
This commit is contained in:
Benjamin Peterson 2015-02-09 20:58:12 -05:00
parent dee948b359
commit 8ce6806498
2 changed files with 14 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Misc/NEWS
View file

@ -16,6 +16,8 @@ Core and Builtins
Library Library
------- -------
- Issue #23361: Fix possible overflow in Windows subprocess creation code.
- Issue #23363: Fix possible overflow in itertools.permutations. - Issue #23363: Fix possible overflow in itertools.permutations.
- Issue #23364: Fix possible overflow in itertools.product. - Issue #23364: Fix possible overflow in itertools.product.

14
Modules/_winapi.c
View file

@ -513,13 +513,23 @@ getenvironment(PyObject* environment)
"environment can only contain strings"); "environment can only contain strings");
goto error; goto error;
} }
if (totalsize > PY_SSIZE_T_MAX - PyUnicode_GET_LENGTH(key) - 1) {
PyErr_SetString(PyExc_OverflowError, "environment too long");
goto error;
}
totalsize += PyUnicode_GET_LENGTH(key) + 1; /* +1 for '=' */ totalsize += PyUnicode_GET_LENGTH(key) + 1; /* +1 for '=' */
if (totalsize > PY_SSIZE_T_MAX - PyUnicode_GET_LENGTH(value) - 1) {
PyErr_SetString(PyExc_OverflowError, "environment too long");
goto error;
}
totalsize += PyUnicode_GET_LENGTH(value) + 1; /* +1 for '\0' */ totalsize += PyUnicode_GET_LENGTH(value) + 1; /* +1 for '\0' */
} }
buffer = PyMem_Malloc(totalsize * sizeof(Py_UCS4)); buffer = PyMem_NEW(Py_UCS4, totalsize);
if (! buffer) if (! buffer) {
PyErr_NoMemory();
goto error; goto error;
}
p = buffer; p = buffer;
end = buffer + totalsize; end = buffer + totalsize;