summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--Misc/NEWS3
-rw-r--r--Objects/unicodeobject.c28
2 files changed, 20 insertions, 11 deletions
diff --git a/Misc/NEWS b/Misc/NEWS
index e7476e5..a1fc5d0 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -9,6 +9,9 @@ What's New in Python 3.4.3?
Core and Builtins
-----------------
+- Issue #22520: Fix overflow checking when generating the repr of a unicode
+ object.
+
- Issue #22519: Fix overflow checking in PyBytes_Repr.
- Issue #22518: Fix integer overflow issues in latin-1 encoding.
diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
index 3da09ef..c3f75fd 100644
--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c
@@ -12341,28 +12341,34 @@ unicode_repr(PyObject *unicode)
ikind = PyUnicode_KIND(unicode);
for (i = 0; i < isize; i++) {
Py_UCS4 ch = PyUnicode_READ(ikind, idata, i);
+ Py_ssize_t incr = 1;
switch (ch) {
- case '\'': squote++; osize++; break;
- case '"': dquote++; osize++; break;
+ case '\'': squote++; break;
+ case '"': dquote++; break;
case '\\': case '\t': case '\r': case '\n':
- osize += 2; break;
+ incr = 2;
+ break;
default:
/* Fast-path ASCII */
if (ch < ' ' || ch == 0x7f)
- osize += 4; /* \xHH */
+ incr = 4; /* \xHH */
else if (ch < 0x7f)
- osize++;
- else if (Py_UNICODE_ISPRINTABLE(ch)) {
- osize++;
+ ;
+ else if (Py_UNICODE_ISPRINTABLE(ch))
max = ch > max ? ch : max;
- }
else if (ch < 0x100)
- osize += 4; /* \xHH */
+ incr = 4; /* \xHH */
else if (ch < 0x10000)
- osize += 6; /* \uHHHH */
+ incr = 6; /* \uHHHH */
else
- osize += 10; /* \uHHHHHHHH */
+ incr = 10; /* \uHHHHHHHH */
+ }
+ if (osize > PY_SSIZE_T_MAX - incr) {
+ PyErr_SetString(PyExc_OverflowError,
+ "string is too long to generate repr");
+ return NULL;
}
+ osize += incr;
}
quote = '\'';
generated by cgit v0.12 at 2024-11-17 00:15:55 (GMT)