re-merge r69268 (issue4804) from trunk:

Now that the C runtime assertions are not silenced any more,
we must provide checks for the format string of strftime

diff --git a/Modules/timemodule.c b/Modules/timemodule.c
index 7e180862bb59aa55bcef0f43e1f1ec26d691c90b..27272977922cc1225d968c2886a9e8aa658bc565 100644 (file)
--- a/Modules/timemodule.c
+++ b/Modules/timemodule.c
@@ -513,6 +513,24 @@ time_strftime(PyObject *self, PyObject *args)
        if (format == NULL)
                return NULL;
        fmt = PyBytes_AS_STRING(format);
+
+#ifdef MS_WINDOWS
+       /* check that the format string contains only valid directives */
+       for(outbuf = strchr(fmt, '%');
+               outbuf != NULL;
+               outbuf = strchr(outbuf+2, '%'))
+       {
+               if (outbuf[1]=='#')
+                       ++outbuf; /* not documented by python, */
+               if (outbuf[1]=='\0' ||
+                       !strchr("aAbBcdfHIjmMpSUwWxXyYzZ%", outbuf[1]))
+               {
+                       PyErr_SetString(PyExc_ValueError, "Invalid format string");
+                       return 0;
+               }
+       }
+#endif
+
        fmtlen = strlen(fmt);
 
        /* I hate these functions that presume you know how big the output