From ba908c72a0ae7fe08d308f9e5b751753ecf8b6eb Mon Sep 17 00:00:00 2001 From: Serhiy Storchaka Date: Sun, 23 Jun 2013 20:22:09 +0300 Subject: [PATCH] Issue #18184: PyUnicode_FromFormat() and PyUnicode_FromFormatV() now raise OverflowError when an argument of %c format is out of range. --- Misc/NEWS | 3 +++ Objects/unicodeobject.c | 19 ++++++++++++++++++- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/Misc/NEWS b/Misc/NEWS index d7e15f387802..09d252a1174a 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -9,6 +9,9 @@ What's New in Python 2.7.6? Core and Builtins ----------------- +- Issue #18184: PyUnicode_FromFormat() and PyUnicode_FromFormatV() now raise + OverflowError when an argument of %c format is out of range. + - Issue #18137: Detect integer overflow on precision in float.__format__() and complex.__format__(). diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c index 0ead06f242cd..64a5ef557c05 100644 --- a/Objects/unicodeobject.c +++ b/Objects/unicodeobject.c @@ -740,8 +740,25 @@ PyUnicode_FromFormatV(const char *format, va_list vargs) switch (*f) { case 'c': - (void)va_arg(count, int); + { + int ordinal = va_arg(count, int); +#ifdef Py_UNICODE_WIDE + if (ordinal < 0 || ordinal > 0x10ffff) { + PyErr_SetString(PyExc_OverflowError, + "%c arg not in range(0x110000) " + "(wide Python build)"); + goto fail; + } +#else + if (ordinal < 0 || ordinal > 0xffff) { + PyErr_SetString(PyExc_OverflowError, + "%c arg not in range(0x10000) " + "(narrow Python build)"); + goto fail; + } +#endif /* fall through... */ + } case '%': n++; break; -- 2.47.3