summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBenjamin Peterson <benjamin@python.org>2016-08-14 00:17:06 (GMT)
committerBenjamin Peterson <benjamin@python.org>2016-08-14 00:17:06 (GMT)
commitd81ad0df717d21867c676f8dee454a9df2f6aece (patch)
tree90ff3d2fbda3f1bf0c79bbd743eb32167306de2a
parent04a538535361b07728ec767ca9d8a5e84ad7378b (diff)
downloadcpython-d81ad0df717d21867c676f8dee454a9df2f6aece.zip
cpython-d81ad0df717d21867c676f8dee454a9df2f6aece.tar.gz
cpython-d81ad0df717d21867c676f8dee454a9df2f6aece.tar.bz2
check for overflow in join_append_data (closes #27758)
Reported by Thomas E. Hybel
Diffstat
-rw-r--r--Misc/NEWS3
-rw-r--r--Modules/_csv.c23
2 files changed, 22 insertions, 4 deletions
diff --git a/Misc/NEWS b/Misc/NEWS
index 9cb550a..c25d682 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -29,6 +29,9 @@ Core and Builtins
Library
-------
+- Issue #27758: Fix possible integer overflow in the _csv module for large record
+ lengths.
+
- Issue #23369: Fixed possible integer overflow in
_json.encode_basestring_ascii.
diff --git a/Modules/_csv.c b/Modules/_csv.c
index af46658..4589f06 100644
--- a/Modules/_csv.c
+++ b/Modules/_csv.c
@@ -985,11 +985,19 @@ join_append_data(WriterObj *self, char *field, int quote_empty,
int i, rec_len;
char *lineterm;
-#define ADDCH(c) \
+#define INCLEN \
+ do {\
+ if (!copy_phase && rec_len == INT_MAX) { \
+ goto overflow; \
+ } \
+ rec_len++; \
+ } while(0)
+
+#define ADDCH(c) \
do {\
if (copy_phase) \
self->rec[rec_len] = c;\
- rec_len++;\
+ INCLEN;\
} while(0)
lineterm = PyString_AsString(dialect->lineterminator);
@@ -1059,11 +1067,18 @@ join_append_data(WriterObj *self, char *field, int quote_empty,
if (*quoted) {
if (copy_phase)
ADDCH(dialect->quotechar);
- else
- rec_len += 2;
+ else {
+ INCLEN; /* starting quote */
+ INCLEN; /* ending quote */
+ }
}
return rec_len;
+
+ overflow:
+ PyErr_NoMemory();
+ return -1;
#undef ADDCH
+#undef INCLEN
}
static int
generated by cgit v0.12 at 2025-08-28 01:29:54 (GMT)