Commit 73c1241f authored by Benjamin Peterson's avatar Benjamin Peterson

fix possible overflow bugs in unicodedata (closes #23367)

parent d89fe57b
...@@ -16,6 +16,8 @@ Core and Builtins ...@@ -16,6 +16,8 @@ Core and Builtins
Library Library
------- -------
- Issue #23367: Fix possible overflows in the unicodedata module.
- Issue #23361: Fix possible overflow in Windows subprocess creation code. - Issue #23361: Fix possible overflow in Windows subprocess creation code.
- Issue #23363: Fix possible overflow in itertools.permutations. - Issue #23363: Fix possible overflow in itertools.permutations.
......
...@@ -507,10 +507,17 @@ nfd_nfkd(PyObject *self, PyObject *input, int k) ...@@ -507,10 +507,17 @@ nfd_nfkd(PyObject *self, PyObject *input, int k)
stackptr = 0; stackptr = 0;
isize = PyUnicode_GET_LENGTH(input); isize = PyUnicode_GET_LENGTH(input);
space = isize;
/* Overallocate at most 10 characters. */ /* Overallocate at most 10 characters. */
space = (isize > 10 ? 10 : isize) + isize; if (space > 10) {
if (space <= PY_SSIZE_T_MAX - 10)
space += 10;
}
else {
space *= 2;
}
osize = space; osize = space;
output = PyMem_Malloc(space * sizeof(Py_UCS4)); output = PyMem_NEW(Py_UCS4, space);
if (!output) { if (!output) {
PyErr_NoMemory(); PyErr_NoMemory();
return NULL; return NULL;
...@@ -657,7 +664,7 @@ nfc_nfkc(PyObject *self, PyObject *input, int k) ...@@ -657,7 +664,7 @@ nfc_nfkc(PyObject *self, PyObject *input, int k)
/* We allocate a buffer for the output. /* We allocate a buffer for the output.
If we find that we made no changes, we still return If we find that we made no changes, we still return
the NFD result. */ the NFD result. */
output = PyMem_Malloc(len * sizeof(Py_UCS4)); output = PyMem_NEW(Py_UCS4, len);
if (!output) { if (!output) {
PyErr_NoMemory(); PyErr_NoMemory();
Py_DECREF(result); Py_DECREF(result);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment