[Python-checkins] cpython (merge 3.4 -> default): Issue #22518: Fixed integer overflow issues in "backslashreplace",

serhiy.storchaka python-checkins at python.org
Sat Oct 4 13:24:01 CEST 2014


https://hg.python.org/cpython/rev/2df4cc31c36e
changeset:   92792:2df4cc31c36e
parent:      92787:d61d2e5a0956
parent:      92791:ec9b7fd246b6
user:        Serhiy Storchaka <storchaka at gmail.com>
date:        Sat Oct 04 14:17:50 2014 +0300
summary:
  Issue #22518: Fixed integer overflow issues in "backslashreplace",
"xmlcharrefreplace", and "surrogatepass" error handlers.

files:
  Misc/NEWS       |   3 +++
  Python/codecs.c |  10 ++++++++--
  2 files changed, 11 insertions(+), 2 deletions(-)


diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -10,6 +10,9 @@
 Core and Builtins
 -----------------
 
+- Issue #22518: Fixed integer overflow issues in "backslashreplace",
+  "xmlcharrefreplace", and "surrogatepass" error handlers.
+
 - Issue #22540: speed up `PyObject_IsInstance` and `PyObject_IsSubclass` in the
   common case that the second argument has metaclass `type`.
 
diff --git a/Python/codecs.c b/Python/codecs.c
--- a/Python/codecs.c
+++ b/Python/codecs.c
@@ -773,7 +773,7 @@
         Py_ssize_t end;
         PyObject *res;
         unsigned char *outp;
-        int ressize;
+        Py_ssize_t ressize;
         Py_UCS4 ch;
         if (PyUnicodeEncodeError_GetStart(exc, &start))
             return NULL;
@@ -781,6 +781,8 @@
             return NULL;
         if (!(object = PyUnicodeEncodeError_GetObject(exc)))
             return NULL;
+        if (end - start > PY_SSIZE_T_MAX / (2+7+1))
+            end = start + PY_SSIZE_T_MAX / (2+7+1);
         for (i = start, ressize = 0; i < end; ++i) {
             /* object is guaranteed to be "ready" */
             ch = PyUnicode_READ_CHAR(object, i);
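Review bot: The added clamp `end = start + PY_SSIZE_T_MAX / (2+7+1)` silently shortens the range this handler replaces, and the `(2+7+1)` bound is unexplained; a comment such as `/* worst case per character is 2+7+1 bytes ("&#", up to 7 decimal digits, ";"); cap the range so ressize cannot overflow */` would cover both. The truncation is only safe if the position handed back to the codec is the clamped `end`, so that the remaining characters reach the handler again; the return statement is outside this hunk, so that should be confirmed. The same applies to the `(1+1+8)` clamp in the hunk at -877,6, presumably a backslash, `U` and eight hex digits. The check also assumes `0 <= start <= end`, which the getters above would have to guarantee for `end - start` not to overflow itself. The enclosing function starts and ends outside the hunk.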
@@ -869,7 +871,7 @@
         Py_ssize_t end;
         PyObject *res;
         unsigned char *outp;
-        int ressize;
+        Py_ssize_t ressize;
         Py_UCS4 c;
         if (PyUnicodeEncodeError_GetStart(exc, &start))
             return NULL;
@@ -877,6 +879,8 @@
             return NULL;
         if (!(object = PyUnicodeEncodeError_GetObject(exc)))
             return NULL;
+        if (end - start > PY_SSIZE_T_MAX / (1+1+8))
+            end = start + PY_SSIZE_T_MAX / (1+1+8);
         for (i = start, ressize = 0; i < end; ++i) {
             /* object is guaranteed to be "ready" */
             c = PyUnicode_READ_CHAR(object, i);
@@ -1036,6 +1040,8 @@
             return NULL;
         }
 
+        if (end - start > PY_SSIZE_T_MAX / bytelength)
+            end = start + PY_SSIZE_T_MAX / bytelength;
         res = PyBytes_FromStringAndSize(NULL, bytelength*(end-start));
         if (!res) {
             Py_DECREF(object);
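Review bot: `PY_SSIZE_T_MAX / bytelength` divides by a value whose assignment is not visible in this hunk, so the new guard relies on `bytelength` being strictly positive on every path that reaches it. If the earlier `return NULL` branch is what rejects unsupported encodings, an `assert(bytelength > 0);` before the check, or a short comment stating that invariant, would make it explicit. With the clamp in place the product `bytelength*(end-start)` can no longer wrap, but it can still be close to `PY_SSIZE_T_MAX`, so oversized ranges now depend on the `!res` failure path below being correct. The diffstat shows no test file changed; a regression test for the three handlers would be worth adding, though it likely needs a large-memory test configuration. The enclosing block starts and ends outside the hunk.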

-- 
Repository URL: https://hg.python.org/cpython

