merge 3.3 (closes #23165)
This commit is contained in:
commit
10ecaa2416
|
@ -38,6 +38,9 @@ Core and Builtins
|
|||
|
||||
- Issue #22518: Fix integer overflow issues in latin-1 encoding.
|
||||
|
||||
- Issue #23165: Perform overflow checks before allocating memory in the
|
||||
_Py_char2wchar function.
|
||||
|
||||
Library
|
||||
-------
|
||||
|
||||
|
|
|
@ -220,8 +220,11 @@ decode_ascii_surrogateescape(const char *arg, size_t *size)
|
|||
wchar_t *res;
|
||||
unsigned char *in;
|
||||
wchar_t *out;
|
||||
size_t argsize = strlen(arg) + 1;
|
||||
|
||||
res = PyMem_RawMalloc((strlen(arg)+1)*sizeof(wchar_t));
|
||||
if (argsize > PY_SSIZE_T_MAX/sizeof(wchar_t))
|
||||
return NULL;
|
||||
res = PyMem_RawMalloc(argsize*sizeof(wchar_t));
|
||||
if (!res)
|
||||
return NULL;
|
||||
|
||||
|
@ -303,10 +306,15 @@ _Py_char2wchar(const char* arg, size_t *size)
|
|||
argsize = mbstowcs(NULL, arg, 0);
|
||||
#endif
|
||||
if (argsize != (size_t)-1) {
|
||||
res = (wchar_t *)PyMem_RawMalloc((argsize+1)*sizeof(wchar_t));
|
||||
if (argsize == PY_SSIZE_T_MAX)
|
||||
goto oom;
|
||||
argsize += 1;
|
||||
if (argsize > PY_SSIZE_T_MAX/sizeof(wchar_t))
|
||||
goto oom;
|
||||
res = (wchar_t *)PyMem_RawMalloc(argsize*sizeof(wchar_t));
|
||||
if (!res)
|
||||
goto oom;
|
||||
count = mbstowcs(res, arg, argsize+1);
|
||||
count = mbstowcs(res, arg, argsize);
|
||||
if (count != (size_t)-1) {
|
||||
wchar_t *tmp;
|
||||
/* Only use the result if it contains no
|
||||
|
@ -329,6 +337,8 @@ _Py_char2wchar(const char* arg, size_t *size)
|
|||
/* Overallocate; as multi-byte characters are in the argument, the
|
||||
actual output could use less memory. */
|
||||
argsize = strlen(arg) + 1;
|
||||
if (argsize > PY_SSIZE_T_MAX/sizeof(wchar_t))
|
||||
goto oom;
|
||||
res = (wchar_t*)PyMem_RawMalloc(argsize*sizeof(wchar_t));
|
||||
if (!res)
|
||||
goto oom;
|
||||
|
|
Loading…
Reference in New Issue