An interpreted, interactive, object-oriented programming language
CentOS Sources
2017-08-01 71084d584ff953f5463757ec6536406320560b4d
commit | author | age
f63228 1
CS 2 # HG changeset patch
3 # User Serhiy Storchaka <storchaka@gmail.com>
4 # Date 1372008129 -10800
5 # Node ID 2f1e8b7fa534b147280fdc9b92e44a7c7305338a
6 # Parent  8f0adcb66633ee97e4f7bdeee2104268113b86c3
7 Issue #18184: PyUnicode_FromFormat() and PyUnicode_FromFormatV() now raise
8 OverflowError when an argument of %c format is out of range.
9
10 diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
11 --- a/Objects/unicodeobject.c
12 +++ b/Objects/unicodeobject.c
13 @@ -740,8 +740,25 @@ PyUnicode_FromFormatV(const char *format
14  
15              switch (*f) {
16              case 'c':
17 -                (void)va_arg(count, int);
18 +            {
19 +                int ordinal = va_arg(count, int);
20 +#ifdef Py_UNICODE_WIDE
21 +                if (ordinal < 0 || ordinal > 0x10ffff) {
22 +                    PyErr_SetString(PyExc_OverflowError,
23 +                                    "%c arg not in range(0x110000) "
24 +                                    "(wide Python build)");
25 +                    goto fail;
26 +                }
27 +#else
28 +                if (ordinal < 0 || ordinal > 0xffff) {
29 +                    PyErr_SetString(PyExc_OverflowError,
30 +                                    "%c arg not in range(0x10000) "
31 +                                    "(narrow Python build)");
32 +                    goto fail;
33 +                }
34 +#endif
35                  /* fall through... */
36 +            }
37              case '%':
38                  n++;
39                  break;
40