Merged revisions 70682 via svnmerge from

svn+ssh://pythondev@svn.python.org/python/trunk

........
  r70682 | mark.dickinson | 2009-03-29 17:17:16 +0100 (Sun, 29 Mar 2009) | 3 lines

  Issue #532631:  Add paranoid check to avoid potential buffer overflow
  on systems with sizeof(int) > 4.
........
Mark Dickinson 2009-03-29 16:18:33 +00:00
parent a30f349ecf
commit 8788619540
1 changed files with 10 additions and 1 deletions


@ -4336,6 +4336,15 @@ formatfloat(char *buf, size_t buflen, int flags,
} }
if (prec < 0) if (prec < 0)
prec = 6; prec = 6;
/* make sure that the decimal representation of precision really does
need at most 10 digits: platforms with sizeof(int) == 8 exist! */
if (prec > 0x7fffffffL) {
PyErr_SetString(PyExc_OverflowError,
"outrageously large precision "
"for formatted float");
return -1;
}
if (type == 'f' && fabs(x) >= 1e50) if (type == 'f' && fabs(x) >= 1e50)
type = 'g'; type = 'g';
/* Worst case length calc to ensure no buffer overrun: /* Worst case length calc to ensure no buffer overrun:
@ -4364,7 +4373,7 @@ formatfloat(char *buf, size_t buflen, int flags,
PyOS_snprintf(fmt, sizeof(fmt), "%%%s.%d%c", PyOS_snprintf(fmt, sizeof(fmt), "%%%s.%d%c",
(flags&F_ALT) ? "#" : "", (flags&F_ALT) ? "#" : "",
prec, type); prec, type);
PyOS_ascii_formatd(buf, buflen, fmt, x); PyOS_ascii_formatd(buf, buflen, fmt, x);
return (int)strlen(buf); return (int)strlen(buf);
} }
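Review bot: Nothing visible ties the limit in the new guard `if (prec > 0x7fffffffL)` (first hunk) to the size of `fmt`, whose declaration lies outside both hunks; formatfloat itself starts above the first one. The existing comment says only that the precision needs "at most 10 digits", so a comment at the guard such as `/* fmt must hold "%" + optional "#" + "." + up to 10 digits of prec + type + NUL; keep in sync with sizeof(fmt) */` would make the dependency explicit. In the second hunk the return value of `PyOS_snprintf(fmt, sizeof(fmt), "%%%s.%d%c", ...)` is discarded, so if the two ever drift apart the format string would presumably be truncated without any error. Checking that return value against `sizeof(fmt)` would catch a mismatch directly, whatever the width of int.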