summaryrefslogtreecommitdiffstats
path: root/Objects/unicodeobject.c
diff options
context:
space:
mode:
authorMark Dickinson <mdickinson@enthought.com>2012-10-28 10:00:46 (GMT)
committerMark Dickinson <mdickinson@enthought.com>2012-10-28 10:00:46 (GMT)
commit75d36004665a637c5d0aa868a5d0b728b3d03d39 (patch)
treeeaae340a81386d4ca660f446cd69f586bf7b10a9 /Objects/unicodeobject.c
parent08114d40e94fa97ac9a55b80b69dc269da904fcc (diff)
downloadcpython-75d36004665a637c5d0aa868a5d0b728b3d03d39.zip
cpython-75d36004665a637c5d0aa868a5d0b728b3d03d39.tar.gz
cpython-75d36004665a637c5d0aa868a5d0b728b3d03d39.tar.bz2
Issue #14700: Fix buggy overflow checks for large precision and width in new-style and old-style formatting.
Diffstat (limited to 'Objects/unicodeobject.c')
-rw-r--r--Objects/unicodeobject.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
index e3c2cb1..79b87df 100644
--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c
@@ -8394,7 +8394,7 @@ PyObject *PyUnicode_Format(PyObject *format,
c = *fmt++;
if (c < '0' || c > '9')
break;
- if ((width*10) / 10 != width) {
+ if (width > (PY_SSIZE_T_MAX - ((int)c - '0')) / 10) {
PyErr_SetString(PyExc_ValueError,
"width too big");
goto onError;
@@ -8427,7 +8427,7 @@ PyObject *PyUnicode_Format(PyObject *format,
c = *fmt++;
if (c < '0' || c > '9')
break;
- if ((prec*10) / 10 != prec) {
+ if (prec > (INT_MAX - ((int)c - '0')) / 10) {
PyErr_SetString(PyExc_ValueError,
"prec too big");
goto onError;
generated by cgit v0.12 at 2025-09-01 19:54:29 (GMT)