From 8eeae2126ca7dd91ae6f10443eda1af5338bccf7 Mon Sep 17 00:00:00 2001 From: Serhiy Storchaka Date: Sun, 23 Jun 2013 20:12:14 +0300 Subject: Issue #18184: PyUnicode_FromFormat() and PyUnicode_FromFormatV() now raise OverflowError when an argument of %c format is out of range. --- Lib/test/test_unicode.py | 2 ++ Misc/NEWS | 3 +++ Objects/unicodeobject.c | 9 +++++++-- 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/Lib/test/test_unicode.py b/Lib/test/test_unicode.py index 2e30145..0c82560 100644 --- a/Lib/test/test_unicode.py +++ b/Lib/test/test_unicode.py @@ -2024,6 +2024,8 @@ class UnicodeTest(string_tests.CommonTest, # test "%c" self.assertEqual(PyUnicode_FromFormat(b'%c', c_int(0xabcd)), '\uabcd') self.assertEqual(PyUnicode_FromFormat(b'%c', c_int(0x10ffff)), '\U0010ffff') + with self.assertRaises(OverflowError): + PyUnicode_FromFormat(b'%c', c_int(0x110000)) # Issue #18183 self.assertEqual( PyUnicode_FromFormat(b'%c%c', c_int(0x10000), c_int(0x100000)), diff --git a/Misc/NEWS b/Misc/NEWS index 95b1716..f5a35bc 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -12,6 +12,9 @@ What's New in Python 3.3.3 release candidate 1? Core and Builtins ----------------- +- Issue #18184: PyUnicode_FromFormat() and PyUnicode_FromFormatV() now raise + OverflowError when an argument of %c format is out of range. + - Issue #18137: Detect integer overflow on precision in float.__format__() and complex.__format__(). diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c index 1c48197..2e40c27 100644 --- a/Objects/unicodeobject.c +++ b/Objects/unicodeobject.c @@ -2489,8 +2489,13 @@ PyUnicode_FromFormatV(const char *format, va_list vargs) switch (*f) { case 'c': { - Py_UCS4 ordinal = va_arg(count, int); - maxchar = Py_MAX(maxchar, ordinal); + int ordinal = va_arg(count, int); + if (ordinal < 0 || ordinal > MAX_UNICODE) { + PyErr_SetString(PyExc_OverflowError, + "%c arg not in range(0x110000)"); + goto fail; + } + maxchar = Py_MAX(maxchar, (Py_UCS4)ordinal); n++; break; } -- cgit v0.12