diff options
| author | Steve Dower <steve.dower@microsoft.com> | 2015-09-06 03:55:34 (GMT) |
|---|---|---|
| committer | Steve Dower <steve.dower@microsoft.com> | 2015-09-06 03:55:34 (GMT) |
| commit | 0fba9b324f061a4c8af9f39c3d0befdf29e2a216 (patch) | |
| tree | d537f3a799cbb0d16f5931d0792edb0db0b42da6 | |
| parent | ca3f435fe6b5de970848eb3a5d8f8e6cd5d2f73c (diff) | |
| download | cpython-0fba9b324f061a4c8af9f39c3d0befdf29e2a216.zip cpython-0fba9b324f061a4c8af9f39c3d0befdf29e2a216.tar.gz cpython-0fba9b324f061a4c8af9f39c3d0befdf29e2a216.tar.bz2 | |
Issue #24917: time_strftime() Buffer Over-read. Patch by John Leitch.
| -rw-r--r-- | Misc/NEWS | 2 | ||||
| -rw-r--r-- | Modules/timemodule.c | 6 |
2 files changed, 8 insertions, 0 deletions
@@ -84,6 +84,8 @@ Library - Issue #16180: Exit pdb if file has syntax error, instead of trapping user in an infinite loop. Patch by Xavier de Gaye. +- Issue #24917: time_strftime() Buffer Over-read. Patch by John Leitch. + - Issue #21112: Fix regression in unittest.expectedFailure on subclasses. Patch from Berker Peksag. diff --git a/Modules/timemodule.c b/Modules/timemodule.c index d0917a4..f729594 100644 --- a/Modules/timemodule.c +++ b/Modules/timemodule.c @@ -662,6 +662,12 @@ time_strftime(PyObject *self, PyObject *args) "format %y requires year >= 1900 on AIX"); return NULL; } + else if (outbuf[1] == '\0') + { + PyErr_SetString(PyExc_ValueError, "Incomplete format string"); + Py_DECREF(format); + return NULL; + } } #endif |