diff options
author | Victor Stinner <victor.stinner@gmail.com> | 2013-12-13 11:15:31 (GMT) |
---|---|---|
committer | Victor Stinner <victor.stinner@gmail.com> | 2013-12-13 11:15:31 (GMT) |
commit | 507ac3a5910a5404013883ce45ad2f9cf0509b0e (patch) | |
tree | ce07a2f92b935600c89f39e874f9c704844457b6 | |
parent | 590cebe391fb2e199afe9b20ff67e360116a1266 (diff) | |
parent | c9362cf86ae302e89207dff7206b1c6bba413e33 (diff) | |
download | cpython-507ac3a5910a5404013883ce45ad2f9cf0509b0e.zip cpython-507ac3a5910a5404013883ce45ad2f9cf0509b0e.tar.gz cpython-507ac3a5910a5404013883ce45ad2f9cf0509b0e.tar.bz2 |
(Merge 3.3) Issue #19969: PyBytes_FromFormatV() now raises an OverflowError if
"%c" argument is not in range [0; 255].
-rw-r--r-- | Lib/test/test_bytes.py | 6 | ||||
-rw-r--r-- | Misc/NEWS | 3 | ||||
-rw-r--r-- | Objects/bytesobject.c | 19 |
3 files changed, 25 insertions, 3 deletions
diff --git a/Lib/test/test_bytes.py b/Lib/test/test_bytes.py index 847c7a6..f350211 100644 --- a/Lib/test/test_bytes.py +++ b/Lib/test/test_bytes.py @@ -743,6 +743,12 @@ class BytesTest(BaseBytesTest, unittest.TestCase): self.assertEqual(PyBytes_FromFormat(b's:%s', c_char_p(b'cstr')), b's:cstr') + # Issue #19969 + self.assertRaises(OverflowError, + PyBytes_FromFormat, b'%c', c_int(-1)) + self.assertRaises(OverflowError, + PyBytes_FromFormat, b'%c', c_int(256)) + class ByteArrayTest(BaseBytesTest, unittest.TestCase): type2test = bytearray @@ -10,6 +10,9 @@ Release date: 2014-01-05 Core and Builtins ----------------- +- Issue #19969: PyBytes_FromFormatV() now raises an OverflowError if "%c" + argument is not in range [0; 255]. + - Issue #19787: PyThread_set_key_value() now always set the value. In Python 3.3, the function did nothing if the key already exists (if the current value is a non-NULL pointer). diff --git a/Objects/bytesobject.c b/Objects/bytesobject.c index 63c67f8..614978b 100644 --- a/Objects/bytesobject.c +++ b/Objects/bytesobject.c @@ -195,8 +195,17 @@ PyBytes_FromFormatV(const char *format, va_list vargs) switch (*f) { case 'c': - (void)va_arg(count, int); - /* fall through... */ + { + int c = va_arg(count, int); + if (c < 0 || c > 255) { + PyErr_SetString(PyExc_OverflowError, + "PyBytes_FromFormatV(): %c format " + "expects an integer in range [0; 255]"); + return NULL; + } + n++; + break; + } case '%': n++; break; @@ -276,8 +285,12 @@ PyBytes_FromFormatV(const char *format, va_list vargs) switch (*f) { case 'c': - *s++ = va_arg(vargs, int); + { + int c = va_arg(vargs, int); + /* c has been checked for overflow in the first step */ + *s++ = (unsigned char)c; break; + } case 'd': if (longflag) sprintf(s, "%ld", va_arg(vargs, long)); |