changeset: 79543:d1369daeb9ec
user: Victor Stinner <victor.stinner@gmail.com>
date: Sat Oct 06 23:05:00 2012 +0200
files: Objects/unicodeobject.c
description:
Issue #16147: PyUnicode_FromFormatV() now detects integer overflow when parsing
width and precision
diff -r b4bee17625e1 -r d1369daeb9ec Objects/unicodeobject.c
--- a/Objects/unicodeobject.c	Sat Oct 06 23:03:36 2012 +0200
+++ b/Objects/unicodeobject.c	Sat Oct 06 23:05:00 2012 +0200
@@ -2357,6 +2357,11 @@
 /* parse the width.precision part, e.g. "%2.5s" => width=2, precision=5 */
 width = 0;
 while (Py_ISDIGIT((unsigned)*f)) {
+ if (width> (INT_MAX - ((int)*f - '0')) / 10) {
+ PyErr_SetString(PyExc_ValueError,
+ "width too big");
+ return NULL;
+ }
 width = (width*10) + (*f - '0');
 f++;
 }
@@ -2364,6 +2369,11 @@
 if (*f == '.') {
 f++;
 while (Py_ISDIGIT((unsigned)*f)) {
+ if (precision> (INT_MAX - ((int)*f - '0')) / 10) {
+ PyErr_SetString(PyExc_ValueError,
+ "precision too big");
+ return NULL;
+ }
 precision = (precision*10) + (*f - '0');
 f++;
 }
@@ -13589,7 +13599,7 @@
 break;
 if (arg->prec> (INT_MAX - ((int)arg->ch - '0')) / 10) {
 PyErr_SetString(PyExc_ValueError,
- "prec too big");
+ "precision too big");
 return -1;
 }
 arg->prec = arg->prec*10 + (arg->ch - '0');
</div><div class="naked_ctrl">
<form action="/index.cgi/contrast" method="get" name="gate">
<p><a href="http://altstyle.alfasado.net">AltStyle</a> によって変換されたページ <a href="https://hg.python.org/cpython/rev/d1369daeb9ec">(-&gt;オリジナル)</a>
/ <label>アドレス: <input type="text" name="naked_post_url" value="https://hg.python.org/cpython/rev/d1369daeb9ec" size="22" /></label> <label>モード: <select name="naked_post_mode">
<option value="default">デフォルト</option>
<option value="speech">音声ブラウザ</option>
<option value="ruby">ルビ付き</option>
<option value="contrast" selected="selected">配色反転</option>
<option value="larger-text">文字拡大</option>
<option value="mobile">モバイル</option>
</select>
<input type="submit" value="表示" />
</p>
</form>
</div>