merge 3.3 (#27758)
This commit is contained in:
commit
59b6abd38c
|
@ -13,6 +13,9 @@ Core and Builtins
|
|||
Library
|
||||
-------
|
||||
|
||||
- Issue #27758: Fix possible integer overflow in the _csv module for large record
|
||||
lengths.
|
||||
|
||||
- Issue #27568: Prevent HTTPoxy attack (CVE-2016-1000110). Ignore the
|
||||
HTTP_PROXY variable when REQUEST_METHOD environment is set, which indicates
|
||||
that the script is in CGI mode.
|
||||
|
|
|
@ -1016,11 +1016,19 @@ join_append_data(WriterObj *self, unsigned int field_kind, void *field_data,
|
|||
int i;
|
||||
Py_ssize_t rec_len;
|
||||
|
||||
#define ADDCH(c) \
|
||||
#define INCLEN \
|
||||
do {\
|
||||
if (!copy_phase && rec_len == PY_SSIZE_T_MAX) { \
|
||||
goto overflow; \
|
||||
} \
|
||||
rec_len++; \
|
||||
} while(0)
|
||||
|
||||
#define ADDCH(c) \
|
||||
do {\
|
||||
if (copy_phase) \
|
||||
self->rec[rec_len] = c;\
|
||||
rec_len++;\
|
||||
INCLEN;\
|
||||
} while(0)
|
||||
|
||||
rec_len = self->rec_len;
|
||||
|
@ -1086,11 +1094,18 @@ join_append_data(WriterObj *self, unsigned int field_kind, void *field_data,
|
|||
if (*quoted) {
|
||||
if (copy_phase)
|
||||
ADDCH(dialect->quotechar);
|
||||
else
|
||||
rec_len += 2;
|
||||
else {
|
||||
INCLEN; /* starting quote */
|
||||
INCLEN; /* ending quote */
|
||||
}
|
||||
}
|
||||
return rec_len;
|
||||
|
||||
overflow:
|
||||
PyErr_NoMemory();
|
||||
return -1;
|
||||
#undef ADDCH
|
||||
#undef INCLEN
|
||||
}
|
||||
|
||||
static int
|
||||
|
|
Loading…
Reference in New Issue