prevent integer overflow in escape_unicode (closes #24522)
This commit is contained in:
Benjamin Peterson
parent
758d60baaa
commit
7b78d4364d
|
|
@ -24,6 +24,8 @@ Core and Builtins
|
||||||
Library
|
Library
|
||||||
-------
|
-------
|
||||||
|
|
||||||
|
- Issue #24522: Fix possible integer overflow in json accelerator module.
|
||||||
|
|
||||||
- Issue #24489: ensure a previously set C errno doesn't disturb cmath.polar().
|
- Issue #24489: ensure a previously set C errno doesn't disturb cmath.polar().
|
||||||
|
|
||||||
- Issue #24408: Fixed AttributeError in measure() and metrics() methods of
|
- Issue #24408: Fixed AttributeError in measure() and metrics() methods of
|
||||||
|
|
|
||||||
|
|
@ -249,17 +249,23 @@ escape_unicode(PyObject *pystr)
|
||||||
/* Compute the output size */
|
/* Compute the output size */
|
||||||
for (i = 0, output_size = 2; i < input_chars; i++) {
|
for (i = 0, output_size = 2; i < input_chars; i++) {
|
||||||
Py_UCS4 c = PyUnicode_READ(kind, input, i);
|
Py_UCS4 c = PyUnicode_READ(kind, input, i);
|
||||||
|
Py_ssize_t d;
|
||||||
switch (c) {
|
switch (c) {
|
||||||
case '\\': case '"': case '\b': case '\f':
|
case '\\': case '"': case '\b': case '\f':
|
||||||
case '\n': case '\r': case '\t':
|
case '\n': case '\r': case '\t':
|
||||||
output_size += 2;
|
d = 2;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
if (c <= 0x1f)
|
if (c <= 0x1f)
|
||||||
output_size += 6;
|
d = 6;
|
||||||
else
|
else
|
||||||
output_size++;
|
d = 1;
|
||||||
}
|
}
|
||||||
|
if (output_size > PY_SSIZE_T_MAX - d) {
|
||||||
|
PyErr_SetString(PyExc_OverflowError, "string is too long to escape");
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
output_size += d;
|
||||||
}
|
}
|
||||||
|
|
||||||
rval = PyUnicode_New(output_size, maxchar);
|
rval = PyUnicode_New(output_size, maxchar);
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue