diff options
| author | Mark Dickinson <mdickinson@enthought.com> | 2012-10-28 10:18:03 (GMT) |
|---|---|---|
| committer | Mark Dickinson <mdickinson@enthought.com> | 2012-10-28 10:18:03 (GMT) |
| commit | fb90c0934c22041cad1fc4019c9853205befc967 (patch) | |
| tree | 8814d98ae8a6cc931232a07790c55c40072aaccb /Objects/unicodeobject.c | |
| parent | 579d5cd643d31b732e6e7707582276565e44ece9 (diff) | |
| download | cpython-fb90c0934c22041cad1fc4019c9853205befc967.zip cpython-fb90c0934c22041cad1fc4019c9853205befc967.tar.gz cpython-fb90c0934c22041cad1fc4019c9853205befc967.tar.bz2 | |
Issue #14700: Fix buggy overflow checks for large precision and width in new-style and old-style formatting.
Diffstat (limited to 'Objects/unicodeobject.c')
| -rw-r--r-- | Objects/unicodeobject.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c index 1dd3a85..3ef9c9b 100644 --- a/Objects/unicodeobject.c +++ b/Objects/unicodeobject.c @@ -9648,7 +9648,7 @@ PyObject *PyUnicode_Format(PyObject *format, c = *fmt++; if (c < '0' || c > '9') break; - if ((width*10) / 10 != width) { + if (width > (PY_SSIZE_T_MAX - ((int)c - '0')) / 10) { PyErr_SetString(PyExc_ValueError, "width too big"); goto onError; @@ -9683,7 +9683,7 @@ PyObject *PyUnicode_Format(PyObject *format, c = *fmt++; if (c < '0' || c > '9') break; - if ((prec*10) / 10 != prec) { + if (prec > (INT_MAX - ((int)c - '0')) / 10) { PyErr_SetString(PyExc_ValueError, "prec too big"); goto onError; |