diff options
author | Amaury Forgeot d'Arc <amauryfa@gmail.com> | 2009-03-02 23:52:57 (GMT) |
---|---|---|
committer | Amaury Forgeot d'Arc <amauryfa@gmail.com> | 2009-03-02 23:52:57 (GMT) |
commit | b5be6d48190418a58f0a49b4a4d5f476560f6a64 (patch) | |
tree | 9aeca4943e2d420941a10b0b6767c7fa4ac76c61 /Modules | |
parent | f5b52246ed8a1191c3aa1da7d3c63bbe11aee020 (diff) | |
download | cpython-b5be6d48190418a58f0a49b4a4d5f476560f6a64.zip cpython-b5be6d48190418a58f0a49b4a4d5f476560f6a64.tar.gz cpython-b5be6d48190418a58f0a49b4a4d5f476560f6a64.tar.bz2 |
re-merge r69268 (issue4804) from trunk:
Now that the C runtime assertions are not silenced any more,
we must provide checks for the format string of strftime
Diffstat (limited to 'Modules')
-rw-r--r-- | Modules/timemodule.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/Modules/timemodule.c b/Modules/timemodule.c index 7e18086..2727297 100644 --- a/Modules/timemodule.c +++ b/Modules/timemodule.c @@ -513,6 +513,24 @@ time_strftime(PyObject *self, PyObject *args) if (format == NULL) return NULL; fmt = PyBytes_AS_STRING(format); + +#ifdef MS_WINDOWS + /* check that the format string contains only valid directives */ + for(outbuf = strchr(fmt, '%'); + outbuf != NULL; + outbuf = strchr(outbuf+2, '%')) + { + if (outbuf[1]=='#') + ++outbuf; /* not documented by python, */ + if (outbuf[1]=='\0' || + !strchr("aAbBcdfHIjmMpSUwWxXyYzZ%", outbuf[1])) + { + PyErr_SetString(PyExc_ValueError, "Invalid format string"); + return 0; + } + } +#endif + fmtlen = strlen(fmt); /* I hate these functions that presume you know how big the output |