[2.7] bpo-30657: Check & prevent integer overflow in PyString_DecodeEscape (#2174)

commit: c3c9db89273fabc62ea1b48389d9a3000c1c03ae [log] [tgz]
author: Jay Bosamiya <jaybosamiya@gmail.com> Sun Jun 18 22:11:03 2017 +0530
committer: Serhiy Storchaka <storchaka@gmail.com> Sun Jun 18 19:41:03 2017 +0300
tree: 4d82a89c33bb16f5ce99fa49ee7d5604ba211433
parent: 24c2c20873dc800c99d1dabf26419b40cadfe627 [diff] [blame]
diff --git a/Objects/stringobject.c b/Objects/stringobject.c
index c78e193..59d22e7 100644
--- a/Objects/stringobject.c
+++ b/Objects/stringobject.c

@@ -612,7 +612,13 @@
     char *p, *buf;
     const char *end;
     PyObject *v;
-    Py_ssize_t newlen = recode_encoding ? 4*len:len;
+    Py_ssize_t newlen;
+    /* Check for integer overflow */
+    if (recode_encoding && (len > PY_SSIZE_T_MAX / 4)) {
+        PyErr_SetString(PyExc_OverflowError, "string is too large");
+        return NULL;
+    }
+    newlen = recode_encoding ? 4*len:len;
     v = PyString_FromStringAndSize((char *)NULL, newlen);
     if (v == NULL)
         return NULL;
commit	c3c9db89273fabc62ea1b48389d9a3000c1c03ae	[log] [tgz]
author	Jay Bosamiya <jaybosamiya@gmail.com>	Sun Jun 18 22:11:03 2017 +0530
committer	Serhiy Storchaka <storchaka@gmail.com>	Sun Jun 18 19:41:03 2017 +0300
tree	4d82a89c33bb16f5ce99fa49ee7d5604ba211433
parent	24c2c20873dc800c99d1dabf26419b40cadfe627 [diff] [blame]