Mirror
/
cpython
mirror of https://github.com/python/cpython
4
1
Fork 0
Code Issues Releases Wiki Activity

bpo-31619: Fixed integer overflow in converting huge strings to int. (#3884)

This commit is contained in:
Serhiy Storchaka 2017-12-03 22:16:21 +02:00 committed by GitHub
parent 1fb72d2ad2
commit 29ba688034
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
Objects/longobject.c
View File

@ -2024,7 +2024,7 @@ long_from_binary_base(const char **str, int base, PyLongObject **res)
const char *p = *str;
const char *start = p;
char prev = 0;
int digits = 0;
Py_ssize_t digits = 0;
int bits_per_char;
Py_ssize_t n;
PyLongObject *z;
@ -2267,8 +2267,9 @@ just 1 digit at the start, so that the copying code was exercised for every
digit beyond the first.
***/
twodigits c; /* current input character */
double fsize_z;
Py_ssize_t size_z;
int digits = 0;
Py_ssize_t digits = 0;
int i;
int convwidth;
twodigits convmultmax, convmult;
@ -2330,7 +2331,14 @@ digit beyond the first.
* need to initialize z->ob_digit -- no slot is read up before
* being stored into.
*/
size_z = (Py_ssize_t)(digits * log_base_BASE[base]) + 1;
fsize_z = digits * log_base_BASE[base] + 1;
if (fsize_z > MAX_LONG_DIGITS) {
/* The same exception as in _PyLong_New(). */
PyErr_SetString(PyExc_OverflowError,
"too many digits in integer");
return NULL;
}
size_z = (Py_ssize_t)fsize_z;
/* Uncomment next line to test exceedingly rare copy code */
/* size_z = 1; */
assert(size_z > 0);