bpo-31619: Fixed integer overflow in converting huge strings to int. (#3884)
This commit is contained in:
parent
1fb72d2ad2
commit
29ba688034
|
@ -2024,7 +2024,7 @@ long_from_binary_base(const char **str, int base, PyLongObject **res)
|
|||
const char *p = *str;
|
||||
const char *start = p;
|
||||
char prev = 0;
|
||||
int digits = 0;
|
||||
Py_ssize_t digits = 0;
|
||||
int bits_per_char;
|
||||
Py_ssize_t n;
|
||||
PyLongObject *z;
|
||||
|
@ -2267,8 +2267,9 @@ just 1 digit at the start, so that the copying code was exercised for every
|
|||
digit beyond the first.
|
||||
***/
|
||||
twodigits c; /* current input character */
|
||||
double fsize_z;
|
||||
Py_ssize_t size_z;
|
||||
int digits = 0;
|
||||
Py_ssize_t digits = 0;
|
||||
int i;
|
||||
int convwidth;
|
||||
twodigits convmultmax, convmult;
|
||||
|
@ -2330,7 +2331,14 @@ digit beyond the first.
|
|||
* need to initialize z->ob_digit -- no slot is read up before
|
||||
* being stored into.
|
||||
*/
|
||||
size_z = (Py_ssize_t)(digits * log_base_BASE[base]) + 1;
|
||||
fsize_z = digits * log_base_BASE[base] + 1;
|
||||
if (fsize_z > MAX_LONG_DIGITS) {
|
||||
/* The same exception as in _PyLong_New(). */
|
||||
PyErr_SetString(PyExc_OverflowError,
|
||||
"too many digits in integer");
|
||||
return NULL;
|
||||
}
|
||||
size_z = (Py_ssize_t)fsize_z;
|
||||
/* Uncomment next line to test exceedingly rare copy code */
|
||||
/* size_z = 1; */
|
||||
assert(size_z > 0);
|
||||
|
|
Loading…
Reference in New Issue