[Python-checkins] cpython (3.5): Issue #24917: time_strftime() Buffer Over-read. Patch by John Leitch.

steve.dower python-checkins at python.org
Sun Sep 6 06:02:05 CEST 2015

• Previous message (by thread): [Python-checkins] cpython (3.5): Issue #24917: Moves NEWS entry under Library.
• Next message (by thread): [Python-checkins] cpython (merge 3.4 -> 3.5): Null merge with 3.4
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

https://hg.python.org/cpython/rev/09b62202d9b7
changeset: 97692:09b62202d9b7
branch: 3.5
parent: 97683:27cc5cce0292
user: Steve Dower <steve.dower at microsoft.com>
date: Sat Sep 05 12:16:06 2015 -0700
summary:
 Issue #24917: time_strftime() Buffer Over-read. Patch by John Leitch.
files:
 Lib/test/test_time.py | 6 ++++++
 Misc/NEWS | 2 ++
 Modules/timemodule.c | 12 ++++++++++++
 3 files changed, 20 insertions(+), 0 deletions(-)
diff --git a/Lib/test/test_time.py b/Lib/test/test_time.py
--- a/Lib/test/test_time.py
+++ b/Lib/test/test_time.py
@@ -174,6 +174,12 @@
 def test_strftime_bounding_check(self):
 self._bounds_checking(lambda tup: time.strftime('', tup))
 
+ def test_strftime_format_check(self):
+ for x in [ '', 'A', '%A', '%AA' ]:
+ for y in range(0x0, 0x10):
+ for z in [ '%', 'A%', 'AA%', '%A%', 'A%A%', '%#' ]:
+ self.assertRaises(ValueError, time.strftime, x * y + z)
+
 def test_default_values_for_zero(self):
 # Make sure that using all zeros uses the proper default
 # values. No test for daylight savings since strftime() does
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -10,6 +10,8 @@
 Core and Builtins
 -----------------
 
+- Issue #24917: time_strftime() Buffer Over-read. Patch by John Leitch.
+
 - Issue #24912: Prevent __class__ assignment to immutable built-in objects.
 
 - Issue #24975: Fix AST compilation for PEP 448 syntax.
diff --git a/Modules/timemodule.c b/Modules/timemodule.c
--- a/Modules/timemodule.c
+++ b/Modules/timemodule.c
@@ -623,6 +623,12 @@
 Py_DECREF(format);
 return NULL;
 }
+ else if (outbuf[1] == '0円')
+ {
+ PyErr_SetString(PyExc_ValueError, "Incomplete format string");
+ Py_DECREF(format);
+ return NULL;
+ }
 }
 #elif (defined(_AIX) || defined(sun)) && defined(HAVE_WCSFTIME)
 for(outbuf = wcschr(fmt, '%');
@@ -636,6 +642,12 @@
 "format %y requires year >= 1900 on AIX");
 return NULL;
 }
+ else if (outbuf[1] == '0円')
+ {
+ PyErr_SetString(PyExc_ValueError, "Incomplete format string");
+ Py_DECREF(format);
+ return NULL;
+ }
 }
 #endif
 
-- 
Repository URL: https://hg.python.org/cpython

---

• Previous message (by thread): [Python-checkins] cpython (3.5): Issue #24917: Moves NEWS entry under Library.
• Next message (by thread): [Python-checkins] cpython (merge 3.4 -> 3.5): Null merge with 3.4
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

More information about the Python-checkins mailing list