Serhiy Storchaka <storch...@gmail.com> added the comment:
> Serhiy: FYI we use the versions field to indicate which versions the fix will
> be made in, not which versions the bug occurs in. Since only 2.7, 3.2, and
> 3.3 get bug fixes, I've changed the versions field to be just those three.
> (3.1 and 2.6 are still in the list because they get *security* fixes, but
> those are rare.)
Well, David, I understand. This ridiculous bug is unlikely to be a security
issue.
Here is a patch that fixes this bug.
----------
keywords: +patch
Added file:
http://bugs.python.org/file25426/pyunicode_format_integer_overflow.patch
_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue14700>
_______________________________________
diff -r 6e541ed4e987 Objects/unicodeobject.c
--- a/Objects/unicodeobject.c Mon Apr 30 19:11:11 2012 +0300
+++ b/Objects/unicodeobject.c Mon Apr 30 20:42:31 2012 +0300
@@ -13799,7 +13799,7 @@
c = PyUnicode_READ(fmtkind, fmt, fmtpos++);
if (c < '0' || c > '9')
break;
- if ((width*10) / 10 != width) {
+ if (width >= PY_SSIZE_T_MAX / 10) {
PyErr_SetString(PyExc_ValueError,
"width too big");
goto onError;
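Review bot: The new test `if (width >= PY_SSIZE_T_MAX / 10)` is stricter than necessary: it rejects a width equal to PY_SSIZE_T_MAX / 10 even where width*10 plus the digit in `c` is still representable. That errs on the safe side, but if the exact bound is wanted, fold the digit into the comparison, for example `width > (PY_SSIZE_T_MAX - (c - '0')) / 10`. In either form, a short comment noting that the old `(width*10) / 10 != width` test relied on signed overflow, which is undefined behaviour in C and can be optimised away by the compiler, would keep the multiply-then-divide pattern from being reintroduced.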
@@ -13834,7 +13834,7 @@
c = PyUnicode_READ(fmtkind, fmt, fmtpos++);
if (c < '0' || c > '9')
break;
- if ((prec*10) / 10 != prec) {
+ if (prec >= INT_MAX / 10) {
PyErr_SetString(PyExc_ValueError,
"prec too big");
goto onError;
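Review bot: The bound in `if (prec >= INT_MAX / 10)` uses INT_MAX while the width check in the previous hunk uses PY_SSIZE_T_MAX, and the declaration of `prec` is not visible here; please confirm `prec` is an `int` and state that in a comment, since the limit is only correct for that type. The diff touches only Objects/unicodeobject.c, so a regression test that passes an oversized width and an oversized precision and expects the "width too big" and "prec too big" ValueError would be worth adding with this change.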