[issue14700] Integer overflow in classic string formatting

Mark Dickinson report at bugs.python.org
Mon Apr 30 19:16:23 CEST 2012


Mark Dickinson <dickinsm at gmail.com> added the comment:

Indeed, Objects/unicodeobject.c (default branch) has this, at around line 13839:

                        if ((prec*10) / 10 != prec) {
                            PyErr_SetString(PyExc_ValueError,
                                            "prec too big");
                            goto onError;
                        }

... which since 'prec' has type int, will invoke undefined behaviour.  There are probably many other cases like this one.

Serhiy, what platform are you on?  And are you applying any special compile-time flags?  For gcc, we should be using -fwrapv, which in this case should make the above code work as intended.

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue14700>
_______________________________________
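
A bounds check of the kind discussed in the message above, written so that the test happens before the multiplication and therefore does not depend on -fwrapv. This is an added example, not part of the original post and not CPython's code; `parse_prec` and the sample inputs are hypothetical.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical helper (not CPython's code): accumulate the decimal digits
 * of a format precision into *prec.
 * Returns 0 on success, -1 if the value would exceed INT_MAX.
 *
 * The quoted check, (prec*10) / 10 != prec, multiplies first and inspects
 * the result afterwards, so the signed overflow has already happened and a
 * compiler may assume the comparison is always false.  Here the comparison
 * is made against a bound computed from INT_MAX, so no overflowing
 * expression is ever evaluated. */
int parse_prec(const char *s, int *prec)
{
    int value = 0;

    for (; *s >= '0' && *s <= '9'; s++) {
        int digit = *s - '0';

        /* value*10 + digit <= INT_MAX  <=>  value <= (INT_MAX - digit)/10 */
        if (value > (INT_MAX - digit) / 10)
            return -1;              /* corresponds to "prec too big" */
        value = value * 10 + digit;
    }
    *prec = value;                  /* only written on success */
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: digit strings as they would follow the
     * '.' in a %-format specifier. */
    const char *samples[] = { "10", "2147483647", "2147483648",
                              "99999999999999999999999999" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int prec = 0;
        if (parse_prec(samples[i], &prec) == 0)
            printf("%s -> prec=%d\n", samples[i], prec);
        else
            printf("%s -> prec too big\n", samples[i]);
    }
    return 0;
}
```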

