Message229470
Benjamin, could you please first propose a patch for review instead of commiting directly your change? Especially for security related changes.
+ if (length > PY_SSIZE_T_MAX / 3 ||
+ length > PY_SIZE_MAX / (3 * sizeof(Py_UCS4))) {
+ PyErr_SetString(PyExc_OverflowError, "string is too long");
+ return NULL;
+ }
tmp = PyMem_MALLOC(sizeof(Py_UCS4) * 3 * length);
PyMem_MALLOC() returns NULL if the length is larger than PY_SSIZE_T_MAX, so the overflow check doesn't look correct. The overflow check can be replaced with:
if ((size_t)length > PY_SSIZE_T_MAX / (3 * sizeof(Py_UCS4))) ... |
|
Date |
User |
Action |
Args |
2014-10-15 16:10:29 | vstinner | set | recipients:
+ vstinner, benjamin.peterson, ezio.melotti, python-dev, serhiy.storchaka, pkt |
2014-10-15 16:10:29 | vstinner | set | messageid: <1413389429.25.0.689818804153.issue22643@psf.upfronthosting.co.za> |
2014-10-15 16:10:29 | vstinner | link | issue22643 messages |
2014-10-15 16:10:29 | vstinner | create | |
|