Merged revisions 70686 via svnmerge from

svn+ssh://pythondev@svn.python.org/python/branches/py3k

................
  r70686 | mark.dickinson | 2009-03-29 17:34:21 +0100 (Sun, 29 Mar 2009) | 15 lines

  Merged revisions 70682,70684 via svnmerge from
  svn+ssh://pythondev@svn.python.org/python/trunk

  ........
    r70682 | mark.dickinson | 2009-03-29 17:17:16 +0100 (Sun, 29 Mar 2009) | 3 lines

    Issue #532631:  Add paranoid check to avoid potential buffer overflow
    on systems with sizeof(int) > 4.
  ........
    r70684 | mark.dickinson | 2009-03-29 17:24:29 +0100 (Sun, 29 Mar 2009) | 3 lines

    Issue #532631: Apply floatformat changes to unicodeobject.c
    as well as stringobject.c.
  ........
................

diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
index 20b803e830430e58dee04460adb86b0303e53c16..2f950d9d9bda29485ee0a2c539cb384ff32d4d39 100644 (file)
--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c
@@ -8584,6 +8584,15 @@ formatfloat(Py_UNICODE *buf,
         return -1;
     if (prec < 0)
         prec = 6;
+    /* make sure that the decimal representation of precision really does
+       need at most 10 digits: platforms with sizeof(int) == 8 exist! */
+    if (prec > 0x7fffffffL) {
+        PyErr_SetString(PyExc_OverflowError,
+                        "outrageously large precision "
+                        "for formatted float");
+        return -1;
+    }
+
     if (type == 'f' && fabs(x) >= 1e50)
         type = 'g';
     /* Worst case length calc to ensure no buffer overrun: