diff options
| author | Benjamin Peterson <benjamin@python.org> | 2015-02-01 22:59:49 (GMT) |
|---|---|---|
| committer | Benjamin Peterson <benjamin@python.org> | 2015-02-01 22:59:49 (GMT) |
| commit | 3675cd9db1d7eda965df81357a11dd40e41090f7 (patch) | |
| tree | 7736103010ac82c41b4a51eb5c4121dca198fb74 | |
| parent | 3a43d063213f221436ec00afca1d74b4a3b28c15 (diff) | |
| parent | e3bfe19358f9d6747676fcdb9af415972d276671 (diff) | |
| download | cpython-3675cd9db1d7eda965df81357a11dd40e41090f7.zip cpython-3675cd9db1d7eda965df81357a11dd40e41090f7.tar.gz cpython-3675cd9db1d7eda965df81357a11dd40e41090f7.tar.bz2 | |
merge 3.3 (#23369)
| -rw-r--r-- | Lib/test/test_json/test_encode_basestring_ascii.py | 9 | ||||
| -rw-r--r-- | Misc/NEWS | 3 | ||||
| -rw-r--r-- | Modules/_json.c | 15 |
3 files changed, 22 insertions, 5 deletions
diff --git a/Lib/test/test_json/test_encode_basestring_ascii.py b/Lib/test/test_json/test_encode_basestring_ascii.py index 480afd6..3c014d3 100644 --- a/Lib/test/test_json/test_encode_basestring_ascii.py +++ b/Lib/test/test_json/test_encode_basestring_ascii.py @@ -1,5 +1,6 @@ from collections import OrderedDict from test.test_json import PyTest, CTest +from test.support import bigaddrspacetest CASES = [ @@ -41,4 +42,10 @@ class TestEncodeBasestringAscii: class TestPyEncodeBasestringAscii(TestEncodeBasestringAscii, PyTest): pass -class TestCEncodeBasestringAscii(TestEncodeBasestringAscii, CTest): pass +class TestCEncodeBasestringAscii(TestEncodeBasestringAscii, CTest): + @bigaddrspacetest + def test_overflow(self): + s = "\uffff"*((2**32)//6 + 1) + with self.assertRaises(OverflowError): + self.json.encoder.encode_basestring_ascii(s) + @@ -50,6 +50,9 @@ Core and Builtins Library ------- +- Issue #23369: Fixed possible integer overflow in + _json.encode_basestring_ascii. + - Issue #23353: Fix the exception handling of generators in PyEval_EvalFrameEx(). At entry, save or swap the exception state even if PyEval_EvalFrameEx() is called with throwflag=0. At exit, the exception state diff --git a/Modules/_json.c b/Modules/_json.c index 1580ee6..f523aab 100644 --- a/Modules/_json.c +++ b/Modules/_json.c @@ -182,17 +182,24 @@ ascii_escape_unicode(PyObject *pystr) /* Compute the output size */ for (i = 0, output_size = 2; i < input_chars; i++) { Py_UCS4 c = PyUnicode_READ(kind, input, i); - if (S_CHAR(c)) - output_size++; + Py_ssize_t d; + if (S_CHAR(c)) { + d = 1; + } else { switch(c) { case '\\': case '"': case '\b': case '\f': case '\n': case '\r': case '\t': - output_size += 2; break; + d = 2; break; default: - output_size += c >= 0x10000 ? 12 : 6; + d = c >= 0x10000 ? 12 : 6; } } + if (output_size > PY_SSIZE_T_MAX - d) { + PyErr_SetString(PyExc_OverflowError, "string is too long to escape"); + return NULL; + } + output_size += d; } rval = PyUnicode_New(output_size, 127); |