Commit 4b168183 authored by Serhiy Storchaka's avatar Serhiy Storchaka

Issue #22518: Fixed integer overflow issues in "backslashreplace",

"xmlcharrefreplace", and "surrogatepass" error handlers.
parent 76e73f85
......@@ -10,6 +10,9 @@ What's New in Python 3.3.6?
Core and Builtins
-----------------
- Issue #22518: Fixed integer overflow issues in "backslashreplace",
"xmlcharrefreplace", and "surrogatepass" error handlers.
- Issue #22520: Fix overflow checking when generating the repr of a unicode
object.
......
......@@ -727,7 +727,7 @@ PyObject *PyCodec_XMLCharRefReplaceErrors(PyObject *exc)
Py_ssize_t end;
PyObject *res;
unsigned char *outp;
int ressize;
Py_ssize_t ressize;
Py_UCS4 ch;
if (PyUnicodeEncodeError_GetStart(exc, &start))
return NULL;
......@@ -735,6 +735,8 @@ PyObject *PyCodec_XMLCharRefReplaceErrors(PyObject *exc)
return NULL;
if (!(object = PyUnicodeEncodeError_GetObject(exc)))
return NULL;
if (end - start > PY_SSIZE_T_MAX / (2+7+1))
end = start + PY_SSIZE_T_MAX / (2+7+1);
for (i = start, ressize = 0; i < end; ++i) {
/* object is guaranteed to be "ready" */
ch = PyUnicode_READ_CHAR(object, i);
......@@ -823,7 +825,7 @@ PyObject *PyCodec_BackslashReplaceErrors(PyObject *exc)
Py_ssize_t end;
PyObject *res;
unsigned char *outp;
int ressize;
Py_ssize_t ressize;
Py_UCS4 c;
if (PyUnicodeEncodeError_GetStart(exc, &start))
return NULL;
......@@ -831,6 +833,8 @@ PyObject *PyCodec_BackslashReplaceErrors(PyObject *exc)
return NULL;
if (!(object = PyUnicodeEncodeError_GetObject(exc)))
return NULL;
if (end - start > PY_SSIZE_T_MAX / (1+1+8))
end = start + PY_SSIZE_T_MAX / (1+1+8);
for (i = start, ressize = 0; i < end; ++i) {
/* object is guaranteed to be "ready" */
c = PyUnicode_READ_CHAR(object, i);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment