Issue #532631: Add paranoid check to avoid potential buffer overflow
authorMark Dickinson <dickinsm@gmail.com>
Sun, 29 Mar 2009 16:17:16 +0000 (16:17 +0000)
committerMark Dickinson <dickinsm@gmail.com>
Sun, 29 Mar 2009 16:17:16 +0000 (16:17 +0000)
on systems with sizeof(int) > 4.

Objects/stringobject.c

index 3b5d331bed5cd2f1129d6a92fbedb342041d0f60..89614e6a3d6e26729b3e3f6270bb4a8744af4a93 100644 (file)
@@ -4344,6 +4344,15 @@ formatfloat(char *buf, size_t buflen, int flags,
        }
        if (prec < 0)
                prec = 6;
+       /* make sure that the decimal representation of precision really does
+          need at most 10 digits: platforms with sizeof(int) == 8 exist! */
+       if (prec > 0x7fffffffL) {
+               PyErr_SetString(PyExc_OverflowError,
+                               "outrageously large precision "
+                               "for formatted float");
+               return -1;
+       }
+
        if (type == 'f' && fabs(x) >= 1e50)
                type = 'g';
        /* Worst case length calc to ensure no buffer overrun:
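Review bot: The comment on the new `prec > 0x7fffffffL` guard says the precision must need at most 10 decimal digits, but it does not say which buffer that bound protects. Judging from the later `PyOS_snprintf(fmt, sizeof(fmt), "%%%s.%d%c", ...)` call, it is presumably the `fmt` array, whose declaration lies outside this hunk, so the coupling is invisible here. I would extend the comment with something like `/* the 10-digit bound keeps "%#.<prec><type>" within fmt[]; revisit if fmt is resized */` so that a later change to `fmt` also revisits this check. On platforms where `int` is 32 bits the comparison can never be true, which is harmless but may draw an "always false" warning from some compilers. The body of `formatfloat` starts and ends outside the hunk.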
@@ -4372,7 +4381,7 @@ formatfloat(char *buf, size_t buflen, int flags,
        PyOS_snprintf(fmt, sizeof(fmt), "%%%s.%d%c",
                      (flags&F_ALT) ? "#" : "",
                      prec, type);
-        PyOS_ascii_formatd(buf, buflen, fmt, x);
+       PyOS_ascii_formatd(buf, buflen, fmt, x);
        return (int)strlen(buf);
 }