author | Victor Stinner <victor.stinner@gmail.com> | 2013-12-13 11:14:44 (GMT) |
---|---|---|
committer | Victor Stinner <victor.stinner@gmail.com> | 2013-12-13 11:14:44 (GMT) |
commit | c9362cf86ae302e89207dff7206b1c6bba413e33 (patch) | |
tree | c531a5e1bb121292cfdd16a2ff956f6586825a0e /Objects | |
parent | 3ad2d70947a1b6c4b76c2029213e654c1b6ebc4e (diff) | |
Issue #19969: PyBytes_FromFormatV() now raises an OverflowError if "%c"
argument is not in range [0; 255].
Diffstat (limited to 'Objects')
-rw-r--r-- | Objects/bytesobject.c | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/Objects/bytesobject.c b/Objects/bytesobject.c
index 47898fe..9dcb74e 100644
--- a/Objects/bytesobject.c
+++ b/Objects/bytesobject.c
@@ -186,8 +186,17 @@ PyBytes_FromFormatV(const char *format, va_list vargs)
 switch (*f) {
 case 'c':
- (void)va_arg(count, int);
- /* fall through... */
+ {
+ int c = va_arg(count, int);
+ if (c < 0 || c > 255) {
+ PyErr_SetString(PyExc_OverflowError,
+ "PyBytes_FromFormatV(): %c format "
+ "expects an integer in range [0; 255]");
+ return NULL;
+ }
+ n++;
+ break;
+ }
 case '%':
 n++;
 break;
@@ -267,8 +276,12 @@ PyBytes_FromFormatV(const char *format, va_list vargs)
 switch (*f) {
 case 'c':
- *s++ = va_arg(vargs, int);
+ {
+ int c = va_arg(vargs, int);
+ /* c has been checked for overflow in the first step */
+ *s++ = (unsigned char)c;
 break;
+ }
 case 'd':
 if (longflag)
 sprintf(s, "%ld", va_arg(vargs, long)); |
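Review bot: The new `return NULL;` in the `case 'c':` branch of the sizing pass exits the function without releasing `count`. The `va_arg(count, int)` call suggests `count` is a copy of `vargs` made above this hunk; if so, the C standard expects a matching `va_end(count)` on every exit path, so this should probably read `va_end(count); return NULL;`. The body of PyBytes_FromFormatV starts and ends outside the hunk, so whether the existing exits already release `count` cannot be confirmed from here.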
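Review bot: The store `*s++ = (unsigned char)c;` in the second hunk relies entirely on the sizing pass having rejected out-of-range values, and the comment states that as fact without anything enforcing it. The two passes read from different `va_list` objects (`count` and `vargs`) and must walk the format string identically for the claim to hold. Adding `assert(0 <= c && c <= 255);` before the store would make the invariant checkable in debug builds and catch a later change that lets the passes diverge, instead of silently truncating to a byte. The enclosing function starts and ends outside the hunk.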