This commit is contained in:
Benjamin Peterson 2015-02-01 17:59:49 -05:00
commit 3675cd9db1
3 changed files with 22 additions and 5 deletions

View File

@ -1,5 +1,6 @@
from collections import OrderedDict
from test.test_json import PyTest, CTest
from test.support import bigaddrspacetest
CASES = [
@ -41,4 +42,10 @@ class TestEncodeBasestringAscii:
class TestPyEncodeBasestringAscii(TestEncodeBasestringAscii, PyTest): pass
class TestCEncodeBasestringAscii(TestEncodeBasestringAscii, CTest): pass
class TestCEncodeBasestringAscii(TestEncodeBasestringAscii, CTest):
@bigaddrspacetest
def test_overflow(self):
s = "\uffff"*((2**32)//6 + 1)
with self.assertRaises(OverflowError):
self.json.encoder.encode_basestring_ascii(s)

View File

@ -50,6 +50,9 @@ Core and Builtins
Library
-------
- Issue #23369: Fixed possible integer overflow in
_json.encode_basestring_ascii.
- Issue #23353: Fix the exception handling of generators in
PyEval_EvalFrameEx(). At entry, save or swap the exception state even if
PyEval_EvalFrameEx() is called with throwflag=0. At exit, the exception state

View File

@ -182,17 +182,24 @@ ascii_escape_unicode(PyObject *pystr)
/* Compute the output size */
for (i = 0, output_size = 2; i < input_chars; i++) {
Py_UCS4 c = PyUnicode_READ(kind, input, i);
if (S_CHAR(c))
output_size++;
Py_ssize_t d;
if (S_CHAR(c)) {
d = 1;
}
else {
switch(c) {
case '\\': case '"': case '\b': case '\f':
case '\n': case '\r': case '\t':
output_size += 2; break;
d = 2; break;
default:
output_size += c >= 0x10000 ? 12 : 6;
d = c >= 0x10000 ? 12 : 6;
}
}
if (output_size > PY_SSIZE_T_MAX - d) {
PyErr_SetString(PyExc_OverflowError, "string is too long to escape");
return NULL;
}
output_size += d;
}
rval = PyUnicode_New(output_size, 127);