Issue #16335: Fix integer overflow in unicode-escape decoder.

2013-01-21 11:42:57 +02:00 · 2013-01-21 11:42:57 +02:00 · c35f3a9f61
parent e4aa08e52b 4f5f0e54e0
commit c35f3a9f61
2 changed files with 18 additions and 1 deletions
--- a/Lib/test/test_ucn.py
+++ b/Lib/test/test_ucn.py
@ -9,6 +9,7 @@ Modified for Python 2.0 by Fredrik Lundh (fredrik@pythonware.com)

 import unittest
 import unicodedata
+import _testcapi

 from test import support
 from http.client import HTTPException
@ -215,6 +216,21 @@ class UnicodeNamesTest(unittest.TestCase):
            str, b"\\NSPACE", 'unicode-escape', 'strict'
        )

+    @unittest.skipUnless(_testcapi.INT_MAX < _testcapi.PY_SSIZE_T_MAX,
+                         "needs UINT_MAX < SIZE_MAX")
+    def test_issue16335(self):
+        # very very long bogus character name
+        try:
+            x = b'\\N{SPACE' + b'x' * (_testcapi.UINT_MAX + 1) + b'}'
+        except MemoryError:
+            raise unittest.SkipTest("not enough memory")
+        self.assertEqual(len(x), len(b'\\N{SPACE}') + (_testcapi.UINT_MAX + 1))
+        self.assertRaisesRegex(UnicodeError,
+            'unknown Unicode character name',
+            x.decode, 'unicode-escape'
+        )
+
+
 def test_main():
    support.run_unittest(UnicodeNamesTest)

--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c
@ -5696,7 +5696,8 @@ PyUnicode_DecodeUnicodeEscape(const char *s,
                    /* found a name.  look it up in the unicode database */
                    message = "unknown Unicode character name";
                    s++;
-                    if (ucnhash_CAPI->getcode(NULL, start, (int)(s-start-1),
+                    if (s - start - 1 <= INT_MAX &&
+                        ucnhash_CAPI->getcode(NULL, start, (int)(s-start-1),
                                              &chr, 0))
                        goto store;
                }