From: Georg Brandl
Date: Thu, 12 Jul 2007 08:38:04 +0000 (+0000)
Subject: Patch #1673759: add a missing overflow check when formatting floats
X-Git-Tag: v2.5.2c1~245
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c5db92399467e0fbe08b3e4a12cd5cd7eb29218b;p=python
Patch #1673759: add a missing overflow check when formatting floats with %G. (backport from rev. 56298)
---
diff --git a/Lib/test/test_format.py b/Lib/test/test_format.py
index fee3bf4a30..77670ada84 100644
--- a/Lib/test/test_format.py
+++ b/Lib/test/test_format.py
@@ -9,6 +9,7 @@ maxsize = MAX_Py_ssize_t
 # test on unicode strings as well
 overflowok = 1
+overflowrequired = 0
 def testformat(formatstr, args, output=None):
 if verbose:
@@ -25,11 +26,16 @@ def testformat(formatstr, args, output=None):
 if verbose:
 print 'overflow (this is fine)'
 else:
- if output and result != output:
+ if overflowrequired:
 if verbose:
 print 'no'
- print "%s %% %s == %s != %s" %\
- (repr(formatstr), repr(args), repr(result), repr(output))
+ print "overflow expected on %s %% %s" % \
+ (repr(formatstr), repr(args))
+ elif output and result != output:
+ if verbose:
+ print 'no'
+ print "%s %% %s == %s != %s" % \
+ (repr(formatstr), repr(args), repr(result), repr(output))
 else:
 if verbose:
 print 'yes'
@@ -57,6 +63,14 @@ testboth("%#.*g", (110, -1.e+100/3.))
 # test some ridiculously large precision, expect overflow
 testboth('%12.*f', (123456, 1.0))
+# check for internal overflow validation on length of precision
+overflowrequired = 1
+testboth("%#.*g", (110, -1.e+100/3.))
+testboth("%#.*G", (110, -1.e+100/3.))
+testboth("%#.*f", (110, -1.e+100/3.))
+testboth("%#.*F", (110, -1.e+100/3.))
+overflowrequired = 0
+
 # Formatting of long integers. Overflow is not ok
 overflowok = 0
 testboth("%x", 10L, "a")
diff --git a/Misc/NEWS b/Misc/NEWS
index d9d2133eff..78205ef22a 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
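Review bot: In Lib/test/test_format.py, the new `overflowrequired` branch of testformat (hunk `@@ -25,11 +26,16 @@`) is reached only when formatting did not raise, so the "overflow required" cases still rely on the separate `overflowok` flag being truthy on the path where OverflowError is raised. The except clause that reads that flag starts outside the hunk, so this is inferred from the visible `print 'overflow (this is fine)'` context. The block added in hunk `@@ -57,6 +63,14 @@` sets only `overflowrequired = 1` and works because of the earlier `overflowok = 1`; writing `overflowok = overflowrequired = 1` there would remove that hidden dependency. The flag's definition would also benefit from a comment such as `# when true, testformat reports a failure unless formatting raises OverflowError`, since it silently takes precedence over the `output` comparison.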
@@ -12,6 +12,9 @@ What's New in Python 2.5.2c1?
 Core and builtins
 -----------------
+- Patch #1673759: add a missing overflow check when formatting floats
+ with %G.
+
 - Patch #1733960: Allow T_LONGLONG to accept ints.
 - Prevent expandtabs() on string and unicode objects from causing a segfault
diff --git a/Objects/stringobject.c b/Objects/stringobject.c
index cee78a0089..5d343bdf99 100644
--- a/Objects/stringobject.c
+++ b/Objects/stringobject.c
@@ -4188,7 +4188,8 @@ formatfloat(char *buf, size_t buflen, int flags,
 always given), therefore increase the length by one.
 */
- if ((type == 'g' && buflen <= (size_t)10 + (size_t)prec) ||
+ if (((type == 'g' || type == 'G') &&
+ buflen <= (size_t)10 + (size_t)prec) ||
 (type == 'f' && buflen <= (size_t)53 + (size_t)prec)) {
 PyErr_SetString(PyExc_OverflowError,
 "formatted float is too long (precision too large?)");
diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
index 742db6ff52..6cc6541af5 100644
--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c
@@ -7290,7 +7290,8 @@ formatfloat(Py_UNICODE *buf,
 always given), therefore increase the length by one.
 */
- if ((type == 'g' && buflen <= (size_t)10 + (size_t)prec) ||
+ if (((type == 'g' || type == 'G') &&
+ buflen <= (size_t)10 + (size_t)prec) ||
 (type == 'f' && buflen <= (size_t)53 + (size_t)prec)) {
 PyErr_SetString(PyExc_OverflowError,
 "formatted float is too long (precision too large?)");
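Review bot: The length guard in formatfloat (Objects/stringobject.c) now names 'g', 'G' and 'f', but nothing visible in the hunk shows how an upper-case 'F' or an 'e'/'E' conversion is bounded before the buffer is written. The new regression test does exercise `%#.*F`, so 'F' is presumably folded to 'f' by the caller, but that code is outside the hunk and should be confirmed. Once it is, a comment above the condition such as `/* type is 'f', 'g' or 'G' here; 'F' is folded to 'f' by the caller */`, plus a sentence on why 'e'/'E' need no entry, would let a reader check that every float conversion is covered. The identical condition in the Objects/unicodeobject.c hunk needs the same comment. Both function bodies start and end outside their hunks.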