From: Mark Dickinson Date: Sun, 29 Mar 2009 16:34:21 +0000 (+0000) Subject: Merged revisions 70682,70684 via svnmerge from X-Git-Tag: v3.1a2~178 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4feda2abc287fcde4ac57364b0cad3756d534fb3;p=python Merged revisions 70682,70684 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk ........ r70682 | mark.dickinson | 2009-03-29 17:17:16 +0100 (Sun, 29 Mar 2009) | 3 lines Issue #532631: Add paranoid check to avoid potential buffer overflow on systems with sizeof(int) > 4. ........ r70684 | mark.dickinson | 2009-03-29 17:24:29 +0100 (Sun, 29 Mar 2009) | 3 lines Issue #532631: Apply floatformat changes to unicodeobject.c as well as stringobject.c. ........ --- diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c index f15e7cd16b..4def53768c 100644 --- a/Objects/unicodeobject.c +++ b/Objects/unicodeobject.c @@ -8847,6 +8847,15 @@ formatfloat(Py_UNICODE *buf, return -1; if (prec < 0) prec = 6; + /* make sure that the decimal representation of precision really does + need at most 10 digits: platforms with sizeof(int) == 8 exist! */ + if (prec > 0x7fffffffL) { + PyErr_SetString(PyExc_OverflowError, + "outrageously large precision " + "for formatted float"); + return -1; + } + if (type == 'f' && fabs(x) >= 1e50) type = 'g'; /* Worst case length calc to ensure no buffer overrun: