From: Benjamin Peterson <benjamin@python.org>
Date: Tue, 16 Aug 2016 04:40:14 +0000 (-0700)
Subject: fail when negative values are passed to instr()
X-Git-Tag: v2.7.13rc1~212
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=505989c0e701b105bb67b8b4c55681b0328171fe;p=thirdparty%2FPython%2Fcpython.git

fail when negative values are passed to instr()
---

diff --git a/Lib/test/test_curses.py b/Lib/test/test_curses.py
index ce5f2a5e833b..bdb71e5e17ae 100644
--- a/Lib/test/test_curses.py
+++ b/Lib/test/test_curses.py
@@ -187,6 +187,8 @@ class TestCurses(unittest.TestCase):
 
         self.assertRaises(ValueError, stdscr.getstr, -400)
         self.assertRaises(ValueError, stdscr.getstr, 2, 3, -400)
+        self.assertRaises(ValueError, stdscr.instr, -2)
+        self.assertRaises(ValueError, stdscr.instr, 2, 3, -2)
 
 
     def test_module_funcs(self):
diff --git a/Misc/NEWS b/Misc/NEWS
index b9d473499d36..417da1397323 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -31,8 +31,8 @@ Library
 
 - Issue #27760: Fix possible integer overflow in binascii.b2a_qp.
 
-- In the curses module, raise an error if window.getstr() is passed a negative
-  value.
+- In the curses module, raise an error if window.getstr() or window.instr() is
+  passed a negative value.
 
 - Issue #27758: Fix possible integer overflow in the _csv module for large record
   lengths.
diff --git a/Modules/_cursesmodule.c b/Modules/_cursesmodule.c
index d0d747986dc7..e478a5794829 100644
--- a/Modules/_cursesmodule.c
+++ b/Modules/_cursesmodule.c
@@ -1095,6 +1095,10 @@ PyCursesWindow_InStr(PyCursesWindowObject *self, PyObject *args)
     case 1:
         if (!PyArg_ParseTuple(args,"i;n", &n))
             return NULL;
+        if (n < 0) {
+            PyErr_SetString(PyExc_ValueError, "'n' must be nonnegative");
+            return NULL;
+        }
         rtn2 = winnstr(self->win,rtn,MIN(n,1023));
         break;
     case 2:
@@ -1105,6 +1109,10 @@ PyCursesWindow_InStr(PyCursesWindowObject *self, PyObject *args)
     case 3:
         if (!PyArg_ParseTuple(args, "iii;y,x,n", &y, &x, &n))
             return NULL;
+        if (n < 0) {
+            PyErr_SetString(PyExc_ValueError, "'n' must be nonnegative");
+            return NULL;
+        }
         rtn2 = mvwinnstr(self->win, y, x, rtn, MIN(n,1023));
         break;
     default: