Commit 14658f60 authored by Benjamin Peterson's avatar Benjamin Peterson

prevent overflow in unicode_repr (closes #22520)

parent 8237a33e
...@@ -10,6 +10,9 @@ What's New in Python 3.3.6 release candidate 1? ...@@ -10,6 +10,9 @@ What's New in Python 3.3.6 release candidate 1?
Core and Builtins Core and Builtins
----------------- -----------------
- Issue #22520: Fix overflow checking when generating the repr of a unicode
object.
- Issue #22519: Fix overflow checking in PyBytes_Repr. - Issue #22519: Fix overflow checking in PyBytes_Repr.
- Issue #22518: Fix integer overflow issues in latin-1 encoding. - Issue #22518: Fix integer overflow issues in latin-1 encoding.
......
...@@ -12000,28 +12000,34 @@ unicode_repr(PyObject *unicode) ...@@ -12000,28 +12000,34 @@ unicode_repr(PyObject *unicode)
ikind = PyUnicode_KIND(unicode); ikind = PyUnicode_KIND(unicode);
for (i = 0; i < isize; i++) { for (i = 0; i < isize; i++) {
Py_UCS4 ch = PyUnicode_READ(ikind, idata, i); Py_UCS4 ch = PyUnicode_READ(ikind, idata, i);
Py_ssize_t incr = 1;
switch (ch) { switch (ch) {
case '\'': squote++; osize++; break; case '\'': squote++; break;
case '"': dquote++; osize++; break; case '"': dquote++; break;
case '\\': case '\t': case '\r': case '\n': case '\\': case '\t': case '\r': case '\n':
osize += 2; break; incr = 2;
break;
default: default:
/* Fast-path ASCII */ /* Fast-path ASCII */
if (ch < ' ' || ch == 0x7f) if (ch < ' ' || ch == 0x7f)
osize += 4; /* \xHH */ incr = 4; /* \xHH */
else if (ch < 0x7f) else if (ch < 0x7f)
osize++; ;
else if (Py_UNICODE_ISPRINTABLE(ch)) { else if (Py_UNICODE_ISPRINTABLE(ch))
osize++;
max = ch > max ? ch : max; max = ch > max ? ch : max;
}
else if (ch < 0x100) else if (ch < 0x100)
osize += 4; /* \xHH */ incr = 4; /* \xHH */
else if (ch < 0x10000) else if (ch < 0x10000)
osize += 6; /* \uHHHH */ incr = 6; /* \uHHHH */
else else
osize += 10; /* \uHHHHHHHH */ incr = 10; /* \uHHHHHHHH */
}
if (osize > PY_SSIZE_T_MAX - incr) {
PyErr_SetString(PyExc_OverflowError,
"string is too long to generate repr");
return NULL;
} }
osize += incr;
} }
quote = '\''; quote = '\'';
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment