[Python-checkins] bpo-13312: Avoid int underflow in time year. (GH-8912)
Miss Islington (bot)
webhook-mailer at python.org
Sat Aug 25 01:53:24 EDT 2018
https://github.com/python/cpython/commit/c47acc2bb1d0a3fb6dda14ced958d272fb2821a6
commit: c47acc2bb1d0a3fb6dda14ced958d272fb2821a6
branch: 3.6
author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com>
committer: GitHub <noreply at github.com>
date: 2018-08-25T01:53:20-04:00
summary:
bpo-13312: Avoid int underflow in time year. (GH-8912)
Avoids an integer underflow in the time module's year handling code.
(cherry picked from commit 76be0fffff8b7dbe649ad4821144461800ffb0d0)
Co-authored-by: Gregory P. Smith <greg at krypto.org>
files:
A Misc/NEWS.d/next/Library/2018-08-24-17-31-27.bpo-13312.6hA5La.rst
M Lib/test/test_time.py
M Modules/timemodule.c
diff --git a/Lib/test/test_time.py b/Lib/test/test_time.py
index 0e0e9065b741..b22546dd5c9f 100644
--- a/Lib/test/test_time.py
+++ b/Lib/test/test_time.py
@@ -21,7 +21,7 @@
# Max year is only limited by the size of C int.
SIZEOF_INT = sysconfig.get_config_var('SIZEOF_INT') or 4
TIME_MAXYEAR = (1 << 8 * SIZEOF_INT - 1) - 1
-TIME_MINYEAR = -TIME_MAXYEAR - 1
+TIME_MINYEAR = -TIME_MAXYEAR - 1 + 1900
SEC_TO_US = 10 ** 6
US_TO_NS = 10 ** 3
@@ -614,12 +614,11 @@ def test_negative(self):
self.assertEqual(self.yearstr(-123456), '-123456')
self.assertEqual(self.yearstr(-123456789), str(-123456789))
self.assertEqual(self.yearstr(-1234567890), str(-1234567890))
- self.assertEqual(self.yearstr(TIME_MINYEAR + 1900), str(TIME_MINYEAR + 1900))
- # Issue #13312: it may return wrong value for year < TIME_MINYEAR + 1900
- # Skip the value test, but check that no error is raised
- self.yearstr(TIME_MINYEAR)
- # self.assertEqual(self.yearstr(TIME_MINYEAR), str(TIME_MINYEAR))
+ self.assertEqual(self.yearstr(TIME_MINYEAR), str(TIME_MINYEAR))
+ # Modules/timemodule.c checks for underflow
self.assertRaises(OverflowError, self.yearstr, TIME_MINYEAR - 1)
+ with self.assertRaises(OverflowError):
+ self.yearstr(-TIME_MAXYEAR - 1)
class TestAsctime4dyear(_TestAsctimeYear, _Test4dYear, unittest.TestCase):
diff --git a/Misc/NEWS.d/next/Library/2018-08-24-17-31-27.bpo-13312.6hA5La.rst b/Misc/NEWS.d/next/Library/2018-08-24-17-31-27.bpo-13312.6hA5La.rst
new file mode 100644
index 000000000000..dc906696a53e
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2018-08-24-17-31-27.bpo-13312.6hA5La.rst
@@ -0,0 +1,2 @@
+Avoids a possible integer underflow (undefined behavior) in the time
+module's year handling code when passed a very low negative year value.
diff --git a/Modules/timemodule.c b/Modules/timemodule.c
index dba3d0452acb..05c4cbcb9c81 100644
--- a/Modules/timemodule.c
+++ b/Modules/timemodule.c
@@ -433,6 +433,12 @@ gettmarg(PyObject *args, struct tm *p)
&p->tm_hour, &p->tm_min, &p->tm_sec,
&p->tm_wday, &p->tm_yday, &p->tm_isdst))
return 0;
+
+ if (y < INT_MIN + 1900) {
+ PyErr_SetString(PyExc_OverflowError, "year out of range");
+ return 0;
+ }
+
p->tm_year = y - 1900;
p->tm_mon--;
p->tm_wday = (p->tm_wday + 1) % 7;
More information about the Python-checkins
mailing list