[Python-checkins] cpython (3.3): fix possible overflow bugs in unicodedata (closes #23367)
benjamin.peterson
python-checkins at python.org
Mon Mar 2 17:21:35 CET 2015
https://hg.python.org/cpython/rev/84025a32fa2b
changeset: 94827:84025a32fa2b
branch: 3.3
parent: 94678:221301c8095f
user: Benjamin Peterson <benjamin at python.org>
date: Mon Mar 02 11:17:05 2015 -0500
summary:
fix possible overflow bugs in unicodedata (closes #23367)
files:
Misc/NEWS | 2 ++
Modules/unicodedata.c | 13 ++++++++++---
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -16,6 +16,8 @@
Library
-------
+- Issue #23367: Fix possible overflows in the unicodedata module.
+
- Issue #23361: Fix possible overflow in Windows subprocess creation code.
- Issue #23363: Fix possible overflow in itertools.permutations.
diff --git a/Modules/unicodedata.c b/Modules/unicodedata.c
--- a/Modules/unicodedata.c
+++ b/Modules/unicodedata.c
@@ -507,10 +507,17 @@
stackptr = 0;
isize = PyUnicode_GET_LENGTH(input);
+ space = isize;
/* Overallocate at most 10 characters. */
- space = (isize > 10 ? 10 : isize) + isize;
+ if (space > 10) {
+ if (space <= PY_SSIZE_T_MAX - 10)
+ space += 10;
+ }
+ else {
+ space *= 2;
+ }
osize = space;
- output = PyMem_Malloc(space * sizeof(Py_UCS4));
+ output = PyMem_NEW(Py_UCS4, space);
if (!output) {
PyErr_NoMemory();
return NULL;
@@ -657,7 +664,7 @@
/* We allocate a buffer for the output.
If we find that we made no changes, we still return
the NFD result. */
- output = PyMem_Malloc(len * sizeof(Py_UCS4));
+ output = PyMem_NEW(Py_UCS4, len);
if (!output) {
PyErr_NoMemory();
Py_DECREF(result);
--
Repository URL: https://hg.python.org/cpython
More information about the Python-checkins
mailing list