summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Lib/test/test_curses.py3
-rw-r--r--Misc/NEWS3
-rw-r--r--Modules/_cursesmodule.c8
3 files changed, 14 insertions, 0 deletions
diff --git a/Lib/test/test_curses.py b/Lib/test/test_curses.py
index bd7d4fc..f049c29 100644
--- a/Lib/test/test_curses.py
+++ b/Lib/test/test_curses.py
@@ -163,6 +163,9 @@ class TestCurses(unittest.TestCase):
if hasattr(curses, 'enclose'):
stdscr.enclose()
+ self.assertRaises(ValueError, stdscr.getstr, -400)
+ self.assertRaises(ValueError, stdscr.getstr, 2, 3, -400)
+
def test_module_funcs(self):
"Test module-level functions"
diff --git a/Misc/NEWS b/Misc/NEWS
index 2611c09..ca80c73 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -13,6 +13,9 @@ Core and Builtins
Library
-------
+- In the curses module, raise an error if window.getstr() is passed a negative
+ value.
+
- Issue #27758: Fix possible integer overflow in the _csv module for large record
lengths.
diff --git a/Modules/_cursesmodule.c b/Modules/_cursesmodule.c
index 5ffce2f..a8735f2 100644
--- a/Modules/_cursesmodule.c
+++ b/Modules/_cursesmodule.c
@@ -1284,6 +1284,10 @@ PyCursesWindow_GetStr(PyCursesWindowObject *self, PyObject *args)
case 1:
if (!PyArg_ParseTuple(args,"i;n", &n))
return NULL;
+ if (n < 0) {
+ PyErr_SetString(PyExc_ValueError, "'n' must be nonnegative");
+ return NULL;
+ }
Py_BEGIN_ALLOW_THREADS
rtn2 = wgetnstr(self->win, rtn, Py_MIN(n, 1023));
Py_END_ALLOW_THREADS
@@ -1302,6 +1306,10 @@ PyCursesWindow_GetStr(PyCursesWindowObject *self, PyObject *args)
case 3:
if (!PyArg_ParseTuple(args,"iii;y,x,n", &y, &x, &n))
return NULL;
+ if (n < 0) {
+ PyErr_SetString(PyExc_ValueError, "'n' must be nonnegative");
+ return NULL;
+ }
#ifdef STRICT_SYSV_CURSES
Py_BEGIN_ALLOW_THREADS
rtn2 = wmove(self->win,y,x)==ERR ? ERR :