[Python-checkins] cpython (2.7): fix overflow checking in PyString_Repr (closes #22519)

benjamin.peterson python-checkins at python.org
Tue Sep 30 01:11:12 CEST 2014


https://hg.python.org/cpython/rev/d9cd11eda152
changeset:   92636:d9cd11eda152
branch:      2.7
user:        Benjamin Peterson <benjamin at python.org>
date:        Mon Sep 29 19:01:18 2014 -0400
summary:
  fix overflow checking in PyString_Repr (closes #22519)

files:
  Misc/NEWS              |  2 ++
  Objects/stringobject.c |  5 +++--
  2 files changed, 5 insertions(+), 2 deletions(-)


diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -10,6 +10,8 @@
 Core and Builtins
 -----------------
 
+- Issue #22519: Fix overflow checking in PyString_Repr.
+
 - Issue #22518: Fix integer overflow issues in latin-1 encoding.
 
 - Issue #22379: Fix empty exception message in a TypeError raised in
diff --git a/Objects/stringobject.c b/Objects/stringobject.c
--- a/Objects/stringobject.c
+++ b/Objects/stringobject.c
@@ -926,13 +926,14 @@
 PyString_Repr(PyObject *obj, int smartquotes)
 {
     register PyStringObject* op = (PyStringObject*) obj;
-    size_t newsize = 2 + 4 * Py_SIZE(op);
+    size_t newsize;
     PyObject *v;
-    if (newsize > PY_SSIZE_T_MAX || newsize / 4 != Py_SIZE(op)) {
+    if (Py_SIZE(op) > (PY_SSIZE_T_MAX - 2)/4) {
         PyErr_SetString(PyExc_OverflowError,
             "string is too large to make repr");
         return NULL;
     }
+    newsize = 2 + 4*Py_SIZE(op);
     v = PyString_FromStringAndSize((char *)NULL, newsize);
     if (v == NULL) {
         return NULL;

-- 
Repository URL: https://hg.python.org/cpython


More information about the Python-checkins mailing list