diff options
| -rw-r--r-- | Objects/stringobject.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/Objects/stringobject.c b/Objects/stringobject.c index 3b5d331..89614e6 100644 --- a/Objects/stringobject.c +++ b/Objects/stringobject.c @@ -4344,6 +4344,15 @@ formatfloat(char *buf, size_t buflen, int flags, } if (prec < 0) prec = 6; + /* make sure that the decimal representation of precision really does + need at most 10 digits: platforms with sizeof(int) == 8 exist! */ + if (prec > 0x7fffffffL) { + PyErr_SetString(PyExc_OverflowError, + "outrageously large precision " + "for formatted float"); + return -1; + } + if (type == 'f' && fabs(x) >= 1e50) type = 'g'; /* Worst case length calc to ensure no buffer overrun: @@ -4372,7 +4381,7 @@ formatfloat(char *buf, size_t buflen, int flags, PyOS_snprintf(fmt, sizeof(fmt), "%%%s.%d%c", (flags&F_ALT) ? "#" : "", prec, type); - PyOS_ascii_formatd(buf, buflen, fmt, x); + PyOS_ascii_formatd(buf, buflen, fmt, x); return (int)strlen(buf); } |