[Python-checkins] cpython (3.4): Issue #22518: Fixed integer overflow issues in "backslashreplace",

serhiy.storchaka python-checkins at python.org
Sat Oct 4 13:24:01 CEST 2014

• Previous message: [Python-checkins] cpython (2.7): Issue #22518: Fixed integer overflow issues in "backslashreplace" and
• Next message: [Python-checkins] cpython (merge 3.4 -> default): Issue #22518: Fixed integer overflow issues in "backslashreplace",
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

https://hg.python.org/cpython/rev/ec9b7fd246b6
changeset: 92791:ec9b7fd246b6
branch: 3.4
parent: 92786:981d18930d6d
user: Serhiy Storchaka <storchaka at gmail.com>
date: Sat Oct 04 14:15:49 2014 +0300
summary:
 Issue #22518: Fixed integer overflow issues in "backslashreplace",
"xmlcharrefreplace", and "surrogatepass" error handlers.
files:
 Misc/NEWS | 3 +++
 Python/codecs.c | 10 ++++++++--
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -9,6 +9,9 @@
 Core and Builtins
 -----------------
 
+- Issue #22518: Fixed integer overflow issues in "backslashreplace",
+ "xmlcharrefreplace", and "surrogatepass" error handlers.
+
 - Issue #22520: Fix overflow checking when generating the repr of a unicode
 object.
 
diff --git a/Python/codecs.c b/Python/codecs.c
--- a/Python/codecs.c
+++ b/Python/codecs.c
@@ -773,7 +773,7 @@
 Py_ssize_t end;
 PyObject *res;
 unsigned char *outp;
- int ressize;
+ Py_ssize_t ressize;
 Py_UCS4 ch;
 if (PyUnicodeEncodeError_GetStart(exc, &start))
 return NULL;
@@ -781,6 +781,8 @@
 return NULL;
 if (!(object = PyUnicodeEncodeError_GetObject(exc)))
 return NULL;
+ if (end - start > PY_SSIZE_T_MAX / (2+7+1))
+ end = start + PY_SSIZE_T_MAX / (2+7+1);
 for (i = start, ressize = 0; i < end; ++i) {
 /* object is guaranteed to be "ready" */
 ch = PyUnicode_READ_CHAR(object, i);
@@ -869,7 +871,7 @@
 Py_ssize_t end;
 PyObject *res;
 unsigned char *outp;
- int ressize;
+ Py_ssize_t ressize;
 Py_UCS4 c;
 if (PyUnicodeEncodeError_GetStart(exc, &start))
 return NULL;
@@ -877,6 +879,8 @@
 return NULL;
 if (!(object = PyUnicodeEncodeError_GetObject(exc)))
 return NULL;
+ if (end - start > PY_SSIZE_T_MAX / (1+1+8))
+ end = start + PY_SSIZE_T_MAX / (1+1+8);
 for (i = start, ressize = 0; i < end; ++i) {
 /* object is guaranteed to be "ready" */
 c = PyUnicode_READ_CHAR(object, i);
@@ -1023,6 +1027,8 @@
 code = get_standard_encoding(encoding, &bytelength);
 Py_DECREF(encode);
 
+ if (end - start > PY_SSIZE_T_MAX / bytelength)
+ end = start + PY_SSIZE_T_MAX / bytelength;
 res = PyBytes_FromStringAndSize(NULL, bytelength*(end-start));
 if (!res) {
 Py_DECREF(object);
-- 
Repository URL: https://hg.python.org/cpython

---

• Previous message: [Python-checkins] cpython (2.7): Issue #22518: Fixed integer overflow issues in "backslashreplace" and
• Next message: [Python-checkins] cpython (merge 3.4 -> default): Issue #22518: Fixed integer overflow issues in "backslashreplace",
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

More information about the Python-checkins mailing list