[Python-checkins] cpython (2.7): Issue #22518: Fixed integer overflow issues in "backslashreplace" and

serhiy.storchaka python-checkins at python.org
Sat Oct 4 13:24:01 CEST 2014

• Previous message: [Python-checkins] cpython (3.4): Realign packaging docs with PyPUG changes
• Next message: [Python-checkins] cpython (3.4): Issue #22518: Fixed integer overflow issues in "backslashreplace",
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

https://hg.python.org/cpython/rev/3f7519f633ed
changeset: 92790:3f7519f633ed
branch: 2.7
parent: 92785:911da1072099
user: Serhiy Storchaka <storchaka at gmail.com>
date: Sat Oct 04 14:14:41 2014 +0300
summary:
 Issue #22518: Fixed integer overflow issues in "backslashreplace" and
"xmlcharrefreplace" error handlers.
files:
 Misc/NEWS | 3 +++
 Python/codecs.c | 14 ++++++++++++--
 2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -10,6 +10,9 @@
 Core and Builtins
 -----------------
 
+- Issue #22518: Fixed integer overflow issues in "backslashreplace" and
+ "xmlcharrefreplace" error handlers.
+
 - Issue #22526: Fix iterating through files with lines longer than 2^31 bytes.
 
 - Issue #22519: Fix overflow checking in PyString_Repr.
diff --git a/Python/codecs.c b/Python/codecs.c
--- a/Python/codecs.c
+++ b/Python/codecs.c
@@ -558,7 +558,7 @@
 Py_UNICODE *startp;
 Py_UNICODE *e;
 Py_UNICODE *outp;
- int ressize;
+ Py_ssize_t ressize;
 if (PyUnicodeEncodeError_GetStart(exc, &start))
 return NULL;
 if (PyUnicodeEncodeError_GetEnd(exc, &end))
@@ -566,6 +566,14 @@
 if (!(object = PyUnicodeEncodeError_GetObject(exc)))
 return NULL;
 startp = PyUnicode_AS_UNICODE(object);
+ if (end - start > PY_SSIZE_T_MAX / (2+7+1)) {
+ end = start + PY_SSIZE_T_MAX / (2+7+1);
+#ifndef Py_UNICODE_WIDE
+ ch = startp[end - 1];
+ if (0xD800 <= ch && ch <= 0xDBFF)
+ end--;
+#endif
+ }
 e = startp + end;
 for (p = startp+start, ressize = 0; p < e;) {
 Py_UCS4 ch = *p++;
@@ -675,13 +683,15 @@
 Py_UNICODE *p;
 Py_UNICODE *startp;
 Py_UNICODE *outp;
- int ressize;
+ Py_ssize_t ressize;
 if (PyUnicodeEncodeError_GetStart(exc, &start))
 return NULL;
 if (PyUnicodeEncodeError_GetEnd(exc, &end))
 return NULL;
 if (!(object = PyUnicodeEncodeError_GetObject(exc)))
 return NULL;
+ if (end - start > PY_SSIZE_T_MAX / (1+1+8))
+ end = start + PY_SSIZE_T_MAX / (1+1+8);
 startp = PyUnicode_AS_UNICODE(object);
 for (p = startp+start, ressize = 0; p < startp+end; ++p) {
 #ifdef Py_UNICODE_WIDE
-- 
Repository URL: https://hg.python.org/cpython

---

• Previous message: [Python-checkins] cpython (3.4): Realign packaging docs with PyPUG changes
• Next message: [Python-checkins] cpython (3.4): Issue #22518: Fixed integer overflow issues in "backslashreplace",
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

More information about the Python-checkins mailing list