From: Mark Dickinson Date: Sun, 29 Mar 2009 16:36:01 +0000 (+0000) Subject: Merged revisions 70686 via svnmerge from X-Git-Tag: 3.0~288 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=124896728f36d608a45bb4313ccfbc09b551fd3e;p=thirdparty%2FPython%2Fcpython.git Merged revisions 70686 via svnmerge from svn+ssh://pythondev@svn.python.org/python/branches/py3k ................ r70686 | mark.dickinson | 2009-03-29 17:34:21 +0100 (Sun, 29 Mar 2009) | 15 lines Merged revisions 70682,70684 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk ........ r70682 | mark.dickinson | 2009-03-29 17:17:16 +0100 (Sun, 29 Mar 2009) | 3 lines Issue #532631: Add paranoid check to avoid potential buffer overflow on systems with sizeof(int) > 4. ........ r70684 | mark.dickinson | 2009-03-29 17:24:29 +0100 (Sun, 29 Mar 2009) | 3 lines Issue #532631: Apply floatformat changes to unicodeobject.c as well as stringobject.c. ........ ................ --- diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c index 20b803e83043..2f950d9d9bda 100644 --- a/Objects/unicodeobject.c +++ b/Objects/unicodeobject.c @@ -8584,6 +8584,15 @@ formatfloat(Py_UNICODE *buf, return -1; if (prec < 0) prec = 6; + /* make sure that the decimal representation of precision really does + need at most 10 digits: platforms with sizeof(int) == 8 exist! */ + if (prec > 0x7fffffffL) { + PyErr_SetString(PyExc_OverflowError, + "outrageously large precision " + "for formatted float"); + return -1; + } + if (type == 'f' && fabs(x) >= 1e50) type = 'g'; /* Worst case length calc to ensure no buffer overrun:
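Review bot: The "at most 10 digits" assumption in the comment above the new `if (prec > 0x7fffffffL)` check in formatfloat() is not tied to anything in the hunk. The comment should name the buffer whose size depends on that digit count, or the bound should be derived from that buffer's size, so the two cannot drift apart if either is changed later. The comment also says `sizeof(int) == 8` while the commit message says `sizeof(int) > 4`; wording the comment as "int wider than 32 bits" would cover both. Where `prec` cannot hold a value above 0x7fffffff the comparison is always false, so a short remark that the check is intentionally a no-op on such platforms would save the next reader from treating it as dead code. The visible diff touches only Objects/unicodeobject.c and carries no test; a case that passes an oversized precision and expects OverflowError would pin the behaviour down.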