Mirror
/
cpython
mirror of https://github.com/python/cpython
4
1
Fork 0
Code Issues Releases Wiki Activity

Issue #1621: Fix undefined behaviour from signed overflow in get_integer (stringlib/formatter.h)

This commit is contained in:
Mark Dickinson 2011-09-24 19:11:53 +01:00
parent dc863ddf79
commit 36f27c995a
1 changed files with 7 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
Objects/stringlib/formatter.h
View File

@ -73,7 +73,7 @@ static int
get_integer(STRINGLIB_CHAR **ptr, STRINGLIB_CHAR *end, get_integer(STRINGLIB_CHAR **ptr, STRINGLIB_CHAR *end,
Py_ssize_t *result) Py_ssize_t *result)
{ {
Py_ssize_t accumulator, digitval, oldaccumulator; Py_ssize_t accumulator, digitval;
int numdigits; int numdigits;
accumulator = numdigits = 0; accumulator = numdigits = 0;
for (;;(*ptr)++, numdigits++) { for (;;(*ptr)++, numdigits++) {
@ -83,19 +83,17 @@ get_integer(STRINGLIB_CHAR **ptr, STRINGLIB_CHAR *end,
if (digitval < 0) if (digitval < 0)
break; break;
/* /*
This trick was copied from old Unicode format code. It's cute, Detect possible overflow before it happens:
but would really suck on an old machine with a slow divide
implementation. Fortunately, in the normal case we do not accumulator * 10 + digitval > PY_SSIZE_T_MAX if and only if
expect too many digits. accumulator > (PY_SSIZE_T_MAX - digitval) / 10.
*/ */
oldaccumulator = accumulator; if (accumulator > (PY_SSIZE_T_MAX - digitval) / 10) {
accumulator *= 10;
if ((accumulator+10)/10 != oldaccumulator+1) {
PyErr_Format(PyExc_ValueError, PyErr_Format(PyExc_ValueError,
"Too many decimal digits in format string"); "Too many decimal digits in format string");
return -1; return -1;
} }
accumulator += digitval; accumulator = accumulator * 10 + digitval;
} }
*result = accumulator; *result = accumulator;
return numdigits; return numdigits;