diff options
author | Victor Stinner <victor.stinner@gmail.com> | 2013-12-13 11:14:44 (GMT) |
---|---|---|
committer | Victor Stinner <victor.stinner@gmail.com> | 2013-12-13 11:14:44 (GMT) |
commit | c9362cf86ae302e89207dff7206b1c6bba413e33 (patch) | |
tree | c531a5e1bb121292cfdd16a2ff956f6586825a0e /Objects/bytesobject.c | |
parent | 3ad2d70947a1b6c4b76c2029213e654c1b6ebc4e (diff) | |
download | cpython-c9362cf86ae302e89207dff7206b1c6bba413e33.zip cpython-c9362cf86ae302e89207dff7206b1c6bba413e33.tar.gz cpython-c9362cf86ae302e89207dff7206b1c6bba413e33.tar.bz2 |
Issue #19969: PyBytes_FromFormatV() now raises an OverflowError if "%c"
argument is not in range [0; 255].
Diffstat (limited to 'Objects/bytesobject.c')
-rw-r--r-- | Objects/bytesobject.c | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/Objects/bytesobject.c b/Objects/bytesobject.c index 47898fe..9dcb74e 100644 --- a/Objects/bytesobject.c +++ b/Objects/bytesobject.c @@ -186,8 +186,17 @@ PyBytes_FromFormatV(const char *format, va_list vargs) switch (*f) { case 'c': - (void)va_arg(count, int); - /* fall through... */ + { + int c = va_arg(count, int); + if (c < 0 || c > 255) { + PyErr_SetString(PyExc_OverflowError, + "PyBytes_FromFormatV(): %c format " + "expects an integer in range [0; 255]"); + return NULL; + } + n++; + break; + } case '%': n++; break; @@ -267,8 +276,12 @@ PyBytes_FromFormatV(const char *format, va_list vargs) switch (*f) { case 'c': - *s++ = va_arg(vargs, int); + { + int c = va_arg(vargs, int); + /* c has been checked for overflow in the first step */ + *s++ = (unsigned char)c; break; + } case 'd': if (longflag) sprintf(s, "%ld", va_arg(vargs, long)); |