Author vstinner
Recipients benjamin.peterson, ezio.melotti, pkt, python-dev, serhiy.storchaka, vstinner
Date 2014-10-15.16:10:29
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1413389429.25.0.689818804153.issue22643@psf.upfronthosting.co.za>
In-reply-to
Content
Benjamin, could you please first propose a patch for review instead of commiting directly your change? Especially for security related changes.

+    if (length > PY_SSIZE_T_MAX / 3 ||
+        length > PY_SIZE_MAX / (3 * sizeof(Py_UCS4))) {
+        PyErr_SetString(PyExc_OverflowError, "string is too long");
+        return NULL;
+    }
     tmp = PyMem_MALLOC(sizeof(Py_UCS4) * 3 * length);

PyMem_MALLOC() returns NULL if the length is larger than PY_SSIZE_T_MAX, so the overflow check doesn't look correct. The overflow check can be replaced with:

    if ((size_t)length > PY_SSIZE_T_MAX / (3 * sizeof(Py_UCS4))) ...
History
Date User Action Args
2014-10-15 16:10:29vstinnersetrecipients: + vstinner, benjamin.peterson, ezio.melotti, python-dev, serhiy.storchaka, pkt
2014-10-15 16:10:29vstinnersetmessageid: <1413389429.25.0.689818804153.issue22643@psf.upfronthosting.co.za>
2014-10-15 16:10:29vstinnerlinkissue22643 messages
2014-10-15 16:10:29vstinnercreate