mirror of
				https://github.com/python/cpython.git
				synced 2025-10-23 01:43:53 +00:00 
			
		
		
		
	prevent overflow in unicode_repr (closes #22520)
This commit is contained in:
		
							parent
							
								
									bbd0a323ae
								
							
						
					
					
						commit
						736b8012b4
					
				
					 2 changed files with 20 additions and 11 deletions
				
			
		|  | @ -10,6 +10,9 @@ What's New in Python 3.3.6 release candidate 1? | |||
| Core and Builtins | ||||
| ----------------- | ||||
| 
 | ||||
| - Issue #22520: Fix overflow checking when generating the repr of a unicode | ||||
|   object. | ||||
| 
 | ||||
| - Issue #22519: Fix overflow checking in PyBytes_Repr. | ||||
| 
 | ||||
| - Issue #22518: Fix integer overflow issues in latin-1 encoding. | ||||
|  |  | |||
|  | @ -12000,28 +12000,34 @@ unicode_repr(PyObject *unicode) | |||
|     ikind = PyUnicode_KIND(unicode); | ||||
|     for (i = 0; i < isize; i++) { | ||||
|         Py_UCS4 ch = PyUnicode_READ(ikind, idata, i); | ||||
|         Py_ssize_t incr = 1; | ||||
|         switch (ch) { | ||||
|         case '\'': squote++; osize++; break; | ||||
|         case '"':  dquote++; osize++; break; | ||||
|         case '\'': squote++; break; | ||||
|         case '"':  dquote++; break; | ||||
|         case '\\': case '\t': case '\r': case '\n': | ||||
|             osize += 2; break; | ||||
|             incr = 2; | ||||
|             break; | ||||
|         default: | ||||
|             /* Fast-path ASCII */ | ||||
|             if (ch < ' ' || ch == 0x7f) | ||||
|                 osize += 4; /* \xHH */ | ||||
|                 incr = 4; /* \xHH */ | ||||
|             else if (ch < 0x7f) | ||||
|                 osize++; | ||||
|             else if (Py_UNICODE_ISPRINTABLE(ch)) { | ||||
|                 osize++; | ||||
|                 ; | ||||
|             else if (Py_UNICODE_ISPRINTABLE(ch)) | ||||
|                 max = ch > max ? ch : max; | ||||
|             } | ||||
|             else if (ch < 0x100) | ||||
|                 osize += 4; /* \xHH */ | ||||
|                 incr = 4; /* \xHH */ | ||||
|             else if (ch < 0x10000) | ||||
|                 osize += 6; /* \uHHHH */ | ||||
|                 incr = 6; /* \uHHHH */ | ||||
|             else | ||||
|                 osize += 10; /* \uHHHHHHHH */ | ||||
|                 incr = 10; /* \uHHHHHHHH */ | ||||
|         } | ||||
|         if (osize > PY_SSIZE_T_MAX - incr) { | ||||
|             PyErr_SetString(PyExc_OverflowError, | ||||
|                             "string is too long to generate repr"); | ||||
|             return NULL; | ||||
|         } | ||||
|         osize += incr; | ||||
|     } | ||||
| 
 | ||||
|     quote = '\''; | ||||
|  |  | |||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue
	
	 Benjamin Peterson
						Benjamin Peterson