summaryrefslogtreecommitdiffstats
path: root/Objects/stringobject.c
diff options
context:
space:
mode:
authorMark Dickinson <mdickinson@enthought.com>2012-10-28 10:00:46 (GMT)
committerMark Dickinson <mdickinson@enthought.com>2012-10-28 10:00:46 (GMT)
commit75d36004665a637c5d0aa868a5d0b728b3d03d39 (patch)
treeeaae340a81386d4ca660f446cd69f586bf7b10a9 /Objects/stringobject.c
parent08114d40e94fa97ac9a55b80b69dc269da904fcc (diff)
downloadcpython-75d36004665a637c5d0aa868a5d0b728b3d03d39.zip
cpython-75d36004665a637c5d0aa868a5d0b728b3d03d39.tar.gz
cpython-75d36004665a637c5d0aa868a5d0b728b3d03d39.tar.bz2
Issue #14700: Fix buggy overflow checks for large precision and width in new-style and old-style formatting.
Diffstat (limited to 'Objects/stringobject.c')
-rw-r--r--Objects/stringobject.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/Objects/stringobject.c b/Objects/stringobject.c
index 39fa740..152ea21 100644
--- a/Objects/stringobject.c
+++ b/Objects/stringobject.c
@@ -4369,7 +4369,7 @@ PyString_Format(PyObject *format, PyObject *args)
c = Py_CHARMASK(*fmt++);
if (!isdigit(c))
break;
- if ((width*10) / 10 != width) {
+ if (width > (PY_SSIZE_T_MAX - ((int)c - '0')) / 10) {
PyErr_SetString(
PyExc_ValueError,
"width too big");
@@ -4404,7 +4404,7 @@ PyString_Format(PyObject *format, PyObject *args)
c = Py_CHARMASK(*fmt++);
if (!isdigit(c))
break;
- if ((prec*10) / 10 != prec) {
+ if (prec > (INT_MAX - ((int)c - '0')) / 10) {
PyErr_SetString(
PyExc_ValueError,
"prec too big");
generated by cgit v0.12 at 2025-08-31 13:42:46 (GMT)