Mirror
/
cpython
mirror of https://github.com/python/cpython
4
1
Fork 0
Code Issues Releases Wiki Activity

Issue #19969: PyBytes_FromFormatV() now raises an OverflowError if "%c" 

argument is not in range [0; 255].
This commit is contained in:
Victor Stinner 2013-12-13 12:14:44 +01:00
parent 3ad2d70947
commit c9362cf86a
3 changed files with 25 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Lib/test/test_bytes.py
View File

@ -729,6 +729,12 @@ class BytesTest(BaseBytesTest, unittest.TestCase):
self.assertEqual(PyBytes_FromFormat(b's:%s', c_char_p(b'cstr')), self.assertEqual(PyBytes_FromFormat(b's:%s', c_char_p(b'cstr')),
b's:cstr') b's:cstr')
# Issue #19969
self.assertRaises(OverflowError,
PyBytes_FromFormat, b'%c', c_int(-1))
self.assertRaises(OverflowError,
PyBytes_FromFormat, b'%c', c_int(256))
class ByteArrayTest(BaseBytesTest, unittest.TestCase): class ByteArrayTest(BaseBytesTest, unittest.TestCase):
type2test = bytearray type2test = bytearray

3
Misc/NEWS
View File

@ -10,6 +10,9 @@ What's New in Python 3.3.4 release candidate 1?
Core and Builtins Core and Builtins
----------------- -----------------
- Issue #19969: PyBytes_FromFormatV() now raises an OverflowError if "%c"
argument is not in range [0; 255].
- Issue #14432: Generator now clears the borrowed reference to the thread - Issue #14432: Generator now clears the borrowed reference to the thread
state. Fix a crash when a generator is created in a C thread that is state. Fix a crash when a generator is created in a C thread that is
destroyed while the generator is still used. The issue was that a generator destroyed while the generator is still used. The issue was that a generator

19
Objects/bytesobject.c
View File

@ -186,8 +186,17 @@ PyBytes_FromFormatV(const char *format, va_list vargs)
switch (*f) { switch (*f) {
case 'c': case 'c':
(void)va_arg(count, int); {
/* fall through... */ int c = va_arg(count, int);
if (c < 0 || c > 255) {
PyErr_SetString(PyExc_OverflowError,
"PyBytes_FromFormatV(): %c format "
"expects an integer in range [0; 255]");
return NULL;
}
n++;
break;
}
case '%': case '%':
n++; n++;
break; break;
@ -267,8 +276,12 @@ PyBytes_FromFormatV(const char *format, va_list vargs)
switch (*f) { switch (*f) {
case 'c': case 'c':
*s++ = va_arg(vargs, int); {
int c = va_arg(vargs, int);
/* c has been checked for overflow in the first step */
*s++ = (unsigned char)c;
break; break;
}
case 'd': case 'd':
if (longflag) if (longflag)
sprintf(s, "%ld", va_arg(vargs, long)); sprintf(s, "%ld", va_arg(vargs, long));