diff options
author | Benjamin Peterson <benjamin@python.org> | 2016-08-14 01:36:55 (GMT) |
---|---|---|
committer | Benjamin Peterson <benjamin@python.org> | 2016-08-14 01:36:55 (GMT) |
commit | 5295532adb9d33970dd0f3370ab45c4e3bc3757c (patch) | |
tree | 80169a92b70fd8dce05390a2a0f9ef7c6adee6af | |
parent | 40a77c33819606b40ca04f680a06fcf31e2151a6 (diff) | |
parent | 4f976513efd8d411126e09d036842d0691c49c82 (diff) | |
download | cpython-5295532adb9d33970dd0f3370ab45c4e3bc3757c.zip cpython-5295532adb9d33970dd0f3370ab45c4e3bc3757c.tar.gz cpython-5295532adb9d33970dd0f3370ab45c4e3bc3757c.tar.bz2 |
merge 3.3 (closes #27760)
-rw-r--r-- | Misc/NEWS | 2 | ||||
-rw-r--r-- | Modules/binascii.c | 24 |
2 files changed, 17 insertions, 9 deletions
@@ -16,6 +16,8 @@ Library - In the curses module, raise an error if window.getstr() is passed a negative value. +- Issue #27760: Fix possible integer overflow in binascii.b2a_qp. + - Issue #27758: Fix possible integer overflow in the _csv module for large record lengths. diff --git a/Modules/binascii.c b/Modules/binascii.c index ea14d3c..c9309ce 100644 --- a/Modules/binascii.c +++ b/Modules/binascii.c @@ -1408,6 +1408,7 @@ binascii_b2a_qp_impl(PyModuleDef *module, Py_buffer *data, int quotetabs, int is /* First, scan to see how many characters need to be encoded */ in = 0; while (in < datalen) { + Py_ssize_t delta = 0; if ((databuf[in] > 126) || (databuf[in] == '=') || (header && databuf[in] == '_') || @@ -1422,12 +1423,12 @@ binascii_b2a_qp_impl(PyModuleDef *module, Py_buffer *data, int quotetabs, int is if ((linelen + 3) >= MAXLINESIZE) { linelen = 0; if (crlf) - odatalen += 3; + delta += 3; else - odatalen += 2; + delta += 2; } linelen += 3; - odatalen += 3; + delta += 3; in++; } else { @@ -1439,11 +1440,11 @@ binascii_b2a_qp_impl(PyModuleDef *module, Py_buffer *data, int quotetabs, int is linelen = 0; /* Protect against whitespace on end of line */ if (in && ((databuf[in-1] == ' ') || (databuf[in-1] == '\t'))) - odatalen += 2; + delta += 2; if (crlf) - odatalen += 2; + delta += 2; else - odatalen += 1; + delta += 1; if (databuf[in] == '\r') in += 2; else @@ -1455,15 +1456,20 @@ binascii_b2a_qp_impl(PyModuleDef *module, Py_buffer *data, int quotetabs, int is (linelen + 1) >= MAXLINESIZE) { linelen = 0; if (crlf) - odatalen += 3; + delta += 3; else - odatalen += 2; + delta += 2; } linelen++; - odatalen++; + delta++; in++; } } + if (PY_SSIZE_T_MAX - delta < odatalen) { + PyErr_NoMemory(); + return NULL; + } + odatalen += delta; } /* We allocate the output same size as input, this is overkill. |