summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSerhiy Storchaka <storchaka@gmail.com>2013-01-21 09:42:57 (GMT)
committerSerhiy Storchaka <storchaka@gmail.com>2013-01-21 09:42:57 (GMT)
commitc35f3a9f619d0d4abd43d16ddc4767e2a30c3dce (patch)
tree3e279917f0e41c9217f888582685002eed17451f
parente4aa08e52b1bcf043ec5c9bcfd55268cb4161e3d (diff)
parent4f5f0e54e07838b29e3a2e043e9c9b12aeecb12f (diff)
downloadcpython-c35f3a9f619d0d4abd43d16ddc4767e2a30c3dce.zip
cpython-c35f3a9f619d0d4abd43d16ddc4767e2a30c3dce.tar.gz
cpython-c35f3a9f619d0d4abd43d16ddc4767e2a30c3dce.tar.bz2
Issue #16335: Fix integer overflow in unicode-escape decoder.
-rw-r--r--Lib/test/test_ucn.py16
-rw-r--r--Objects/unicodeobject.c3
2 files changed, 18 insertions, 1 deletions
diff --git a/Lib/test/test_ucn.py b/Lib/test/test_ucn.py
index 68a3219..ff4c4f1 100644
--- a/Lib/test/test_ucn.py
+++ b/Lib/test/test_ucn.py
@@ -9,6 +9,7 @@ Modified for Python 2.0 by Fredrik Lundh (fredrik@pythonware.com)
import unittest
import unicodedata
+import _testcapi
from test import support
from http.client import HTTPException
@@ -215,6 +216,21 @@ class UnicodeNamesTest(unittest.TestCase):
str, b"\\NSPACE", 'unicode-escape', 'strict'
)
+ @unittest.skipUnless(_testcapi.INT_MAX < _testcapi.PY_SSIZE_T_MAX,
+ "needs UINT_MAX < SIZE_MAX")
+ def test_issue16335(self):
+ # very very long bogus character name
+ try:
+ x = b'\\N{SPACE' + b'x' * (_testcapi.UINT_MAX + 1) + b'}'
+ except MemoryError:
+ raise unittest.SkipTest("not enough memory")
+ self.assertEqual(len(x), len(b'\\N{SPACE}') + (_testcapi.UINT_MAX + 1))
+ self.assertRaisesRegex(UnicodeError,
+ 'unknown Unicode character name',
+ x.decode, 'unicode-escape'
+ )
+
+
def test_main():
support.run_unittest(UnicodeNamesTest)
diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
index b57a896..c30245d 100644
--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c
@@ -5696,7 +5696,8 @@ PyUnicode_DecodeUnicodeEscape(const char *s,
/* found a name. look it up in the unicode database */
message = "unknown Unicode character name";
s++;
- if (ucnhash_CAPI->getcode(NULL, start, (int)(s-start-1),
+ if (s - start - 1 <= INT_MAX &&
+ ucnhash_CAPI->getcode(NULL, start, (int)(s-start-1),
&chr, 0))
goto store;
}