Commit e1bd38c0 authored by Benjamin Peterson's avatar Benjamin Peterson

fix integer overflow in unicode case operations (closes #22643)

parent 77a75b3d
...@@ -661,6 +661,11 @@ class UnicodeTest(string_tests.CommonTest, ...@@ -661,6 +661,11 @@ class UnicodeTest(string_tests.CommonTest,
self.assertEqual('x'.center(4, '\U0010FFFF'), self.assertEqual('x'.center(4, '\U0010FFFF'),
'\U0010FFFFx\U0010FFFF\U0010FFFF') '\U0010FFFFx\U0010FFFF\U0010FFFF')
@unittest.skipUnless(sys.maxsize == 2**31 - 1, "requires 32-bit system")
def test_case_operation_overflow(self):
# Issue #22643
self.assertRaises(OverflowError, ("ü"*(2**32//12 + 1)).upper)
def test_contains(self): def test_contains(self):
# Testing Unicode contains method # Testing Unicode contains method
self.assertIn('a', 'abdb') self.assertIn('a', 'abdb')
......
...@@ -10,6 +10,9 @@ What's New in Python 3.3.6? ...@@ -10,6 +10,9 @@ What's New in Python 3.3.6?
Core and Builtins Core and Builtins
----------------- -----------------
- Issue #22643: Fix integer overflow in Unicode case operations (upper, lower,
title, swapcase, casefold).
- Issue #22518: Fixed integer overflow issues in "backslashreplace", - Issue #22518: Fixed integer overflow issues in "backslashreplace",
"xmlcharrefreplace", and "surrogatepass" error handlers. "xmlcharrefreplace", and "surrogatepass" error handlers.
......
...@@ -9484,6 +9484,11 @@ case_operation(PyObject *self, ...@@ -9484,6 +9484,11 @@ case_operation(PyObject *self,
kind = PyUnicode_KIND(self); kind = PyUnicode_KIND(self);
data = PyUnicode_DATA(self); data = PyUnicode_DATA(self);
length = PyUnicode_GET_LENGTH(self); length = PyUnicode_GET_LENGTH(self);
if (length > PY_SSIZE_T_MAX / 3 ||
length > PY_SIZE_MAX / (3 * sizeof(Py_UCS4))) {
PyErr_SetString(PyExc_OverflowError, "string is too long");
return NULL;
}
tmp = PyMem_MALLOC(sizeof(Py_UCS4) * 3 * length); tmp = PyMem_MALLOC(sizeof(Py_UCS4) * 3 * length);
if (tmp == NULL) if (tmp == NULL)
return PyErr_NoMemory(); return PyErr_NoMemory();
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment