From 174e909842837abb5b4337c42d0c0c7cffa0f6c7 Mon Sep 17 00:00:00 2001
From: Mark Dickinson <dickinsm@gmail.com>
Date: Sun, 29 Mar 2009 16:17:16 +0000
Subject: [PATCH] Issue #532631:  Add paranoid check to avoid potential buffer
 overflow on systems with sizeof(int) > 4.

---
 Objects/stringobject.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/Objects/stringobject.c b/Objects/stringobject.c
index 3b5d331bed5..89614e6a3d6 100644
--- a/Objects/stringobject.c
+++ b/Objects/stringobject.c
@@ -4344,6 +4344,15 @@ formatfloat(char *buf, size_t buflen, int flags,
 	}
 	if (prec < 0)
 		prec = 6;
+	/* make sure that the decimal representation of precision really does
+	   need at most 10 digits: platforms with sizeof(int) == 8 exist! */
+	if (prec > 0x7fffffffL) {
+		PyErr_SetString(PyExc_OverflowError,
+				"outrageously large precision "
+				"for formatted float");
+		return -1;
+	}
+
 	if (type == 'f' && fabs(x) >= 1e50)
 		type = 'g';
 	/* Worst case length calc to ensure no buffer overrun:
@@ -4372,7 +4381,7 @@ formatfloat(char *buf, size_t buflen, int flags,
 	PyOS_snprintf(fmt, sizeof(fmt), "%%%s.%d%c",
 		      (flags&F_ALT) ? "#" : "",
 		      prec, type);
-        PyOS_ascii_formatd(buf, buflen, fmt, x);
+	PyOS_ascii_formatd(buf, buflen, fmt, x);
 	return (int)strlen(buf);
 }