From: Victor Stinner <victor.stinner@gmail.com>
Date: Sun, 23 Jun 2013 12:56:57 +0000 (+0200)
Subject: Issue #18137: Detect integer overflow on precision in float.__format__()
X-Git-Tag: v2.7.6rc1~343
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=760388100e2cc21c5d58a9014db5426e6107b5e4;p=thirdparty%2FPython%2Fcpython.git

Issue #18137: Detect integer overflow on precision in float.__format__()
and complex.__format__().
---

diff --git a/Lib/test/test_format.py b/Lib/test/test_format.py
index dd30efabb6c0..0ad8b02d7b58 100644
--- a/Lib/test/test_format.py
+++ b/Lib/test/test_format.py
@@ -302,6 +302,23 @@ class FormatTest(unittest.TestCase):
 def test_main():
     test_support.run_unittest(FormatTest)
 
+    def test_precision(self):
+        INT_MAX = 2147483647
+
+        f = 1.2
+        self.assertEqual(format(f, ".0f"), "1")
+        self.assertEqual(format(f, ".3f"), "1.200")
+        with self.assertRaises(ValueError) as cm:
+            format(f, ".%sf" % (INT_MAX + 1))
+        self.assertEqual(str(cm.exception), "precision too big")
+
+        c = complex(f)
+        self.assertEqual(format(f, ".0f"), "1")
+        self.assertEqual(format(f, ".3f"), "1.200")
+        with self.assertRaises(ValueError) as cm:
+            format(f, ".%sf" % (INT_MAX + 1))
+        self.assertEqual(str(cm.exception), "precision too big")
+
 
 if __name__ == "__main__":
     unittest.main()
diff --git a/Misc/NEWS b/Misc/NEWS
index 941818340ca4..b45536689595 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -9,6 +9,9 @@ What's New in Python 2.7.6?
 Core and Builtins
 -----------------
 
+- Issue #18137: Detect integer overflow on precision in float.__format__()
+  and complex.__format__().
+
 - Issue #18038: SyntaxError raised during compilation sources with illegal
   encoding now always contains an encoding name.
 
diff --git a/Objects/stringlib/formatter.h b/Objects/stringlib/formatter.h
index 6b282249b179..fd227511f36e 100644
--- a/Objects/stringlib/formatter.h
+++ b/Objects/stringlib/formatter.h
@@ -928,7 +928,7 @@ format_float_internal(PyObject *value,
     Py_ssize_t n_total;
     int has_decimal;
     double val;
-    Py_ssize_t precision = format->precision;
+    Py_ssize_t precision;
     Py_ssize_t default_precision = 6;
     STRINGLIB_CHAR type = format->type;
     int add_pct = 0;
@@ -947,6 +947,12 @@ format_float_internal(PyObject *value,
        from a hard-code pseudo-locale */
     LocaleInfo locale;
 
+    if (format->precision > INT_MAX) {
+        PyErr_SetString(PyExc_ValueError, "precision too big");
+        goto done;
+    }
+    precision = (int)format->precision;
+
     /* Alternate is not allowed on floats. */
     if (format->alternate) {
         PyErr_SetString(PyExc_ValueError,
@@ -1078,7 +1084,7 @@ format_complex_internal(PyObject *value,
     Py_ssize_t n_im_total;
     int re_has_decimal;
     int im_has_decimal;
-    Py_ssize_t precision = format->precision;
+    Py_ssize_t precision;
     Py_ssize_t default_precision = 6;
     STRINGLIB_CHAR type = format->type;
     STRINGLIB_CHAR *p_re;
@@ -1107,6 +1113,12 @@ format_complex_internal(PyObject *value,
        from a hard-code pseudo-locale */
     LocaleInfo locale;
 
+    if (format->precision > INT_MAX) {
+        PyErr_SetString(PyExc_ValueError, "precision too big");
+        goto done;
+    }
+    precision = (int)format->precision;
+
     /* Alternate is not allowed on complex. */
     if (format->alternate) {
         PyErr_SetString(PyExc_ValueError,