[Python-checkins] cpython (merge 3.3 -> 3.4): merge 3.3 (closes #22519)

benjamin.peterson python-checkins at python.org
Tue Sep 30 01:11:14 CEST 2014


https://hg.python.org/cpython/rev/ed31cdf11ac2
changeset:   92638:ed31cdf11ac2
branch:      3.4
parent:      92633:7dab27fffff2
parent:      92637:f5c662a7f7e6
user:        Benjamin Peterson <benjamin at python.org>
date:        Mon Sep 29 19:09:49 2014 -0400
summary:
  merge 3.3 (closes #22519)

files:
  Misc/NEWS             |   2 ++
  Objects/bytesobject.c |  28 ++++++++++++++++------------
  2 files changed, 18 insertions(+), 12 deletions(-)


diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -9,6 +9,8 @@
 Core and Builtins
 -----------------
 
+- Issue #22519: Fix overflow checking in PyBytes_Repr.
+
 - Issue #22518: Fix integer overflow issues in latin-1 encoding.
 
 Library
diff --git a/Objects/bytesobject.c b/Objects/bytesobject.c
--- a/Objects/bytesobject.c
+++ b/Objects/bytesobject.c
@@ -603,28 +603,27 @@
     newsize = 3; /* b'' */
     s = (unsigned char*)op->ob_sval;
     for (i = 0; i < length; i++) {
+        Py_ssize_t incr = 1;
         switch(s[i]) {
-        case '\'': squotes++; newsize++; break;
-        case '"':  dquotes++; newsize++; break;
+        case '\'': squotes++; break;
+        case '"':  dquotes++; break;
         case '\\': case '\t': case '\n': case '\r':
-            newsize += 2; break; /* \C */
+            incr = 2; break; /* \C */
         default:
             if (s[i] < ' ' || s[i] >= 0x7f)
-                newsize += 4; /* \xHH */
-            else
-                newsize++;
+                incr = 4; /* \xHH */
         }
+        if (newsize > PY_SSIZE_T_MAX - incr)
+            goto overflow;
+        newsize += incr;
     }
     quote = '\'';
     if (smartquotes && squotes && !dquotes)
         quote = '"';
-    if (squotes && quote == '\'')
+    if (squotes && quote == '\'') {
+        if (newsize > PY_SSIZE_T_MAX - squotes)
+            goto overflow;
         newsize += squotes;
-
-    if (newsize > (PY_SSIZE_T_MAX - sizeof(PyUnicodeObject) - 1)) {
-        PyErr_SetString(PyExc_OverflowError,
-            "bytes object is too large to make repr");
-        return NULL;
     }
 
     v = PyUnicode_New(newsize, 127);
@@ -656,6 +655,11 @@
     *p++ = quote;
     assert(_PyUnicode_CheckConsistency(v, 1));
     return v;
+
+  overflow:
+    PyErr_SetString(PyExc_OverflowError,
+                    "bytes object is too large to make repr");
+    return NULL;
 }
 
 static PyObject *

-- 
Repository URL: https://hg.python.org/cpython


More information about the Python-checkins mailing list