bpo-13312: Avoid int underflow in time year. (GH-8912)

Avoids an integer underflow in the time module's year handling code.
(cherry picked from commit 76be0fffff)

Co-authored-by: Gregory P. Smith <greg@krypto.org>
This commit is contained in:
Miss Islington (bot) 2018-08-25 01:53:00 -04:00 committed by GitHub
parent 1f9621cb9b
commit d5f017bbd6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 13 additions and 6 deletions

View File

@ -19,7 +19,7 @@ except ImportError:
# Max year is only limited by the size of C int.
SIZEOF_INT = sysconfig.get_config_var('SIZEOF_INT') or 4
TIME_MAXYEAR = (1 << 8 * SIZEOF_INT - 1) - 1
TIME_MINYEAR = -TIME_MAXYEAR - 1
TIME_MINYEAR = -TIME_MAXYEAR - 1 + 1900
SEC_TO_US = 10 ** 6
US_TO_NS = 10 ** 3
@ -714,12 +714,11 @@ class _Test4dYear:
self.assertEqual(self.yearstr(-123456), '-123456')
self.assertEqual(self.yearstr(-123456789), str(-123456789))
self.assertEqual(self.yearstr(-1234567890), str(-1234567890))
self.assertEqual(self.yearstr(TIME_MINYEAR + 1900), str(TIME_MINYEAR + 1900))
# Issue #13312: it may return wrong value for year < TIME_MINYEAR + 1900
# Skip the value test, but check that no error is raised
self.yearstr(TIME_MINYEAR)
# self.assertEqual(self.yearstr(TIME_MINYEAR), str(TIME_MINYEAR))
self.assertEqual(self.yearstr(TIME_MINYEAR), str(TIME_MINYEAR))
# Modules/timemodule.c checks for underflow
self.assertRaises(OverflowError, self.yearstr, TIME_MINYEAR - 1)
with self.assertRaises(OverflowError):
self.yearstr(-TIME_MAXYEAR - 1)
class TestAsctime4dyear(_TestAsctimeYear, _Test4dYear, unittest.TestCase):

View File

@ -0,0 +1,2 @@
Avoids a possible integer underflow (undefined behavior) in the time
module's year handling code when passed a very low negative year value.

View File

@ -551,6 +551,12 @@ gettmarg(PyObject *args, struct tm *p, const char *format)
&p->tm_hour, &p->tm_min, &p->tm_sec,
&p->tm_wday, &p->tm_yday, &p->tm_isdst))
return 0;
if (y < INT_MIN + 1900) {
PyErr_SetString(PyExc_OverflowError, "year out of range");
return 0;
}
p->tm_year = y - 1900;
p->tm_mon--;
p->tm_wday = (p->tm_wday + 1) % 7;