Issue #16335: Fix integer overflow in unicode-escape decoder.

This commit is contained in:
Serhiy Storchaka 2013-01-21 11:42:57 +02:00
commit c35f3a9f61
2 changed files with 18 additions and 1 deletions

View File

@ -9,6 +9,7 @@ Modified for Python 2.0 by Fredrik Lundh (fredrik@pythonware.com)
import unittest
import unicodedata
import _testcapi
from test import support
from http.client import HTTPException
@ -215,6 +216,21 @@ class UnicodeNamesTest(unittest.TestCase):
str, b"\\NSPACE", 'unicode-escape', 'strict'
)
@unittest.skipUnless(_testcapi.INT_MAX < _testcapi.PY_SSIZE_T_MAX,
"needs UINT_MAX < SIZE_MAX")
def test_issue16335(self):
# very very long bogus character name
try:
x = b'\\N{SPACE' + b'x' * (_testcapi.UINT_MAX + 1) + b'}'
except MemoryError:
raise unittest.SkipTest("not enough memory")
self.assertEqual(len(x), len(b'\\N{SPACE}') + (_testcapi.UINT_MAX + 1))
self.assertRaisesRegex(UnicodeError,
'unknown Unicode character name',
x.decode, 'unicode-escape'
)
def test_main():
support.run_unittest(UnicodeNamesTest)

View File

@ -5696,7 +5696,8 @@ PyUnicode_DecodeUnicodeEscape(const char *s,
/* found a name. look it up in the unicode database */
message = "unknown Unicode character name";
s++;
if (ucnhash_CAPI->getcode(NULL, start, (int)(s-start-1),
if (s - start - 1 <= INT_MAX &&
ucnhash_CAPI->getcode(NULL, start, (int)(s-start-1),
&chr, 0))
goto store;
}