From: Serhiy Storchaka
Date: Sun, 23 Jun 2013 17:22:09 +0000 (+0300)
Subject: Issue #18184: PyUnicode_FromFormat() and PyUnicode_FromFormatV() now raise
X-Git-Tag: v2.7.6rc1~340
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ba908c72a0ae7fe08d308f9e5b751753ecf8b6eb;p=thirdparty%2FPython%2Fcpython.git
Issue #18184: PyUnicode_FromFormat() and PyUnicode_FromFormatV() now raise OverflowError when an argument of %c format is out of range.
---
diff --git a/Misc/NEWS b/Misc/NEWS
index d7e15f387802..09d252a1174a 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -9,6 +9,9 @@ What's New in Python 2.7.6?
 Core and Builtins
 -----------------
+- Issue #18184: PyUnicode_FromFormat() and PyUnicode_FromFormatV() now raise
+ OverflowError when an argument of %c format is out of range.
+
 - Issue #18137: Detect integer overflow on precision in float.__format__() and complex.__format__().
diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
index 0ead06f242cd..64a5ef557c05 100644
--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c
@@ -740,8 +740,25 @@ PyUnicode_FromFormatV(const char *format, va_list vargs)
 switch (*f) {
 case 'c':
- (void)va_arg(count, int);
+ {
+ int ordinal = va_arg(count, int);
+#ifdef Py_UNICODE_WIDE
+ if (ordinal < 0 || ordinal > 0x10ffff) {
+ PyErr_SetString(PyExc_OverflowError,
+ "%c arg not in range(0x110000) "
+ "(wide Python build)");
+ goto fail;
+ }
+#else
+ if (ordinal < 0 || ordinal > 0xffff) {
+ PyErr_SetString(PyExc_OverflowError,
+ "%c arg not in range(0x10000) "
+ "(narrow Python build)");
+ goto fail;
+ }
+#endif
 /* fall through... */
+ }
 case '%':
 n++;
 break;
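Review bot: The range check added under `case 'c':` in Objects/unicodeobject.c reads only from the `count` copy of the argument list, and nothing in the hunk records that the code which later consumes `vargs` presumably depends on it; a one-line comment above the check would keep the two in step, for example `/* Validate here: the output pass is assumed to store this int as a Py_UNICODE without re-checking. */` (confirm against the output pass, which is outside this hunk). The two `#ifdef Py_UNICODE_WIDE` branches differ only in the upper bound and the message text, so a later change to one has to be mirrored by hand in the other. The visible diff touches only Misc/NEWS and Objects/unicodeobject.c, so a regression test that passes a negative and an over-range `%c` argument and expects OverflowError is worth adding if it is not elsewhere in the commit. The body of PyUnicode_FromFormatV, including the `fail` label this check jumps to, starts and ends outside the hunk.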