merge 3.5 (closes #27760)

This commit is contained in:
Benjamin Peterson 2016-08-13 18:37:20 -07:00
commit b6f78c2755
2 changed files with 17 additions and 9 deletions

View File

@ -61,6 +61,8 @@ Library
- In the curses module, raise an error if window.getstr() is passed a negative
value.
- Issue #27760: Fix possible integer overflow in binascii.b2a_qp.
- Issue #27758: Fix possible integer overflow in the _csv module for large record
lengths.

View File

@ -1370,6 +1370,7 @@ binascii_b2a_qp_impl(PyObject *module, Py_buffer *data, int quotetabs,
/* First, scan to see how many characters need to be encoded */
in = 0;
while (in < datalen) {
Py_ssize_t delta = 0;
if ((databuf[in] > 126) ||
(databuf[in] == '=') ||
(header && databuf[in] == '_') ||
@ -1384,12 +1385,12 @@ binascii_b2a_qp_impl(PyObject *module, Py_buffer *data, int quotetabs,
if ((linelen + 3) >= MAXLINESIZE) {
linelen = 0;
if (crlf)
odatalen += 3;
delta += 3;
else
odatalen += 2;
delta += 2;
}
linelen += 3;
odatalen += 3;
delta += 3;
in++;
}
else {
@ -1401,11 +1402,11 @@ binascii_b2a_qp_impl(PyObject *module, Py_buffer *data, int quotetabs,
linelen = 0;
/* Protect against whitespace on end of line */
if (in && ((databuf[in-1] == ' ') || (databuf[in-1] == '\t')))
odatalen += 2;
delta += 2;
if (crlf)
odatalen += 2;
delta += 2;
else
odatalen += 1;
delta += 1;
if (databuf[in] == '\r')
in += 2;
else
@ -1417,15 +1418,20 @@ binascii_b2a_qp_impl(PyObject *module, Py_buffer *data, int quotetabs,
(linelen + 1) >= MAXLINESIZE) {
linelen = 0;
if (crlf)
odatalen += 3;
delta += 3;
else
odatalen += 2;
delta += 2;
}
linelen++;
odatalen++;
delta++;
in++;
}
}
if (PY_SSIZE_T_MAX - delta < odatalen) {
PyErr_NoMemory();
return NULL;
}
odatalen += delta;
}
/* We allocate the output same size as input, this is overkill.