Issue #532631: Add paranoid check to avoid potential buffer overflow
on systems with sizeof(int) > 4.
diff --git a/Objects/stringobject.c b/Objects/stringobject.c
index 3b5d331..89614e6 100644
--- a/Objects/stringobject.c
+++ b/Objects/stringobject.c
@@ -4344,6 +4344,15 @@
}
if (prec < 0)
prec = 6;
+ /* make sure that the decimal representation of precision really does
+ need at most 10 digits: platforms with sizeof(int) == 8 exist! */
+ if (prec > 0x7fffffffL) {
+ PyErr_SetString(PyExc_OverflowError,
+ "outrageously large precision "
+ "for formatted float");
+ return -1;
+ }
+
if (type == 'f' && fabs(x) >= 1e50)
type = 'g';
/* Worst case length calc to ensure no buffer overrun:
@@ -4372,7 +4381,7 @@
PyOS_snprintf(fmt, sizeof(fmt), "%%%s.%d%c",
(flags&F_ALT) ? "#" : "",
prec, type);
- PyOS_ascii_formatd(buf, buflen, fmt, x);
+ PyOS_ascii_formatd(buf, buflen, fmt, x);
return (int)strlen(buf);
}