Issue #23055: Fixed a buffer overflow in PyUnicode_FromFormatV. Analysis

and fix by Guido Vranken.
author: Serhiy Storchaka <storchaka@gmail.com> 2015-01-27 20:18:46 (GMT)
committer: Serhiy Storchaka <storchaka@gmail.com> 2015-01-27 20:18:46 (GMT)
commit: 4dbc30500218204eace01fa4d429f3087df5376f (patch)
tree: 4deec5fd49df021302a4ca3abe2756735077e5c6 /Objects
parent: 119479f70550cf4323ba1eb8cdda88a47681362b (diff)
download: cpython-4dbc30500218204eace01fa4d429f3087df5376f.zip
cpython-4dbc30500218204eace01fa4d429f3087df5376f.tar.gz
cpython-4dbc30500218204eace01fa4d429f3087df5376f.tar.bz2
1 files changed, 2 insertions, 0 deletions
diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
index e896aba..156316b 100644
--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c
@@ -2335,6 +2335,8 @@ parse_format_flags(const char *f,
             f--;
         }
     }
+    if (width < precision)
+        width = precision;
     if (*f == '\0') {
         /* bogus format "%.1" => go backward, f points to "1" */
         f--;
author	Serhiy Storchaka <storchaka@gmail.com>	2015-01-27 20:18:46 (GMT)
committer	Serhiy Storchaka <storchaka@gmail.com>	2015-01-27 20:18:46 (GMT)
commit	4dbc30500218204eace01fa4d429f3087df5376f (patch)
tree	4deec5fd49df021302a4ca3abe2756735077e5c6 /Objects
parent	119479f70550cf4323ba1eb8cdda88a47681362b (diff)
download	cpython-4dbc30500218204eace01fa4d429f3087df5376f.zip cpython-4dbc30500218204eace01fa4d429f3087df5376f.tar.gz cpython-4dbc30500218204eace01fa4d429f3087df5376f.tar.bz2