Issue #532631: Add paranoid check to avoid potential buffer overflow

author Mark Dickinson <dickinsm@gmail.com>

Sun, 29 Mar 2009 16:17:16 +0000 (16:17 +0000)

committer Mark Dickinson <dickinsm@gmail.com>

Sun, 29 Mar 2009 16:17:16 +0000 (16:17 +0000)
author Mark Dickinson <dickinsm@gmail.com>
Sun, 29 Mar 2009 16:17:16 +0000 (16:17 +0000)
committer Mark Dickinson <dickinsm@gmail.com>
Sun, 29 Mar 2009 16:17:16 +0000 (16:17 +0000)
diff --git a/Objects/stringobject.c b/Objects/stringobject.c

index 3b5d331bed5cd2f1129d6a92fbedb342041d0f60..89614e6a3d6e26729b3e3f6270bb4a8744af4a93 100644 (file)
--- a/Objects/stringobject.c
+++ b/Objects/stringobject.c
@@ -4344,6 +4344,15 @@ formatfloat(char *buf, size_t buflen, int flags,
         }
         if (prec < 0)
                 prec = 6;
+       /* make sure that the decimal representation of precision really does
+          need at most 10 digits: platforms with sizeof(int) == 8 exist! */
+       if (prec > 0x7fffffffL) {
+               PyErr_SetString(PyExc_OverflowError,
+                               "outrageously large precision "
+                               "for formatted float");
+               return -1;
+       }
+
         if (type == 'f' && fabs(x) >= 1e50)
                 type = 'g';
         /* Worst case length calc to ensure no buffer overrun:
@@ -4372,7 +4381,7 @@ formatfloat(char *buf, size_t buflen, int flags,
         PyOS_snprintf(fmt, sizeof(fmt), "%%%s.%d%c",
                       (flags&F_ALT) ? "#" : "",
                       prec, type);
-        PyOS_ascii_formatd(buf, buflen, fmt, x);
+       PyOS_ascii_formatd(buf, buflen, fmt, x);
         return (int)strlen(buf);
  }
author	Mark Dickinson <dickinsm@gmail.com>
	Sun, 29 Mar 2009 16:17:16 +0000 (16:17 +0000)
committer	Mark Dickinson <dickinsm@gmail.com>
	Sun, 29 Mar 2009 16:17:16 +0000 (16:17 +0000)