Issue #14700: Fix buggy overflow checks for large precision and width in new-style and old-style formatting.

2026-01-30 19:22:20 +00:00 · 2012-10-28 10:00:46 +00:00 · 2012-10-28 10:00:46 +00:00 · 75d3600466
commit 75d3600466
parent 08114d40e9
7 changed files with 74 additions and 22 deletions
--- a/Objects/stringlib/string_format.h
+++ b/Objects/stringlib/string_format.h
@ -197,7 +197,6 @@ get_integer(const SubString *str)
 {
    Py_ssize_t accumulator = 0;
    Py_ssize_t digitval;
-    Py_ssize_t oldaccumulator;
    STRINGLIB_CHAR *p;

    /* empty string is an error */
@ -209,19 +208,17 @@ get_integer(const SubString *str)
        if (digitval < 0)
            return -1;
        /*
-           This trick was copied from old Unicode format code.  It's cute,
-           but would really suck on an old machine with a slow divide
-           implementation.  Fortunately, in the normal case we do not
-           expect too many digits.
+           Detect possible overflow before it happens:
+
+              accumulator * 10 + digitval > PY_SSIZE_T_MAX if and only if
+              accumulator > (PY_SSIZE_T_MAX - digitval) / 10.
        */
-        oldaccumulator = accumulator;
-        accumulator *= 10;
-        if ((accumulator+10)/10 != oldaccumulator+1) {
+        if (accumulator > (PY_SSIZE_T_MAX - digitval) / 10) {
            PyErr_Format(PyExc_ValueError,
                         "Too many decimal digits in format string");
            return -1;
        }
-        accumulator += digitval;
+        accumulator = accumulator * 10 + digitval;
    }
    return accumulator;
 }