From: Benjamin Peterson Date: Sun, 14 Aug 2016 01:15:28 +0000 (-0700) Subject: do not allow reading negative values with getstr() X-Git-Tag: v2.7.13rc1~217 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f670120cb76f0aa66ec29c683e740eddcf45ca4a;p=python do not allow reading negative values with getstr() --- diff --git a/Lib/test/test_curses.py b/Lib/test/test_curses.py index e08fe12adf..ce5f2a5e83 100644 --- a/Lib/test/test_curses.py +++ b/Lib/test/test_curses.py @@ -185,6 +185,9 @@ class TestCurses(unittest.TestCase): if hasattr(curses, 'enclose'): stdscr.enclose() + self.assertRaises(ValueError, stdscr.getstr, -400) + self.assertRaises(ValueError, stdscr.getstr, 2, 3, -400) + def test_module_funcs(self): "Test module-level functions" diff --git a/Misc/NEWS b/Misc/NEWS index c25d682842..bd6d212bb1 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -29,6 +29,9 @@ Core and Builtins Library ------- +- In the curses module, raise an error if window.getstr() is passed a negative + value. + - Issue #27758: Fix possible integer overflow in the _csv module for large record lengths. diff --git a/Modules/_cursesmodule.c b/Modules/_cursesmodule.c index b914e5f681..d0d747986d 100644 --- a/Modules/_cursesmodule.c +++ b/Modules/_cursesmodule.c @@ -918,6 +918,10 @@ PyCursesWindow_GetStr(PyCursesWindowObject *self, PyObject *args) case 1: if (!PyArg_ParseTuple(args,"i;n", &n)) return NULL; + if (n < 0) { + PyErr_SetString(PyExc_ValueError, "'n' must be nonnegative"); + return NULL; + } Py_BEGIN_ALLOW_THREADS rtn2 = wgetnstr(self->win,rtn,MIN(n, 1023)); Py_END_ALLOW_THREADS @@ -936,6 +940,10 @@ PyCursesWindow_GetStr(PyCursesWindowObject *self, PyObject *args) case 3: if (!PyArg_ParseTuple(args,"iii;y,x,n", &y, &x, &n)) return NULL; + if (n < 0) { + PyErr_SetString(PyExc_ValueError, "'n' must be nonnegative"); + return NULL; + } #ifdef STRICT_SYSV_CURSES Py_BEGIN_ALLOW_THREADS rtn2 = wmove(self->win,y,x)==ERR ? ERR :