| commit | 4dbc30500218204eace01fa4d429f3087df5376f | [log] [tgz] |
|---|---|---|
| author | Serhiy Storchaka <storchaka@gmail.com> | Tue Jan 27 22:18:46 2015 +0200 |
| committer | Serhiy Storchaka <storchaka@gmail.com> | Tue Jan 27 22:18:46 2015 +0200 |
| tree | 4deec5fd49df021302a4ca3abe2756735077e5c6 | |
| parent | 119479f70550cf4323ba1eb8cdda88a47681362b [diff] [blame] |
Issue #23055: Fixed a buffer overflow in PyUnicode_FromFormatV. Analysis and fix by Guido Vranken.
diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c index e896aba..156316b 100644 --- a/Objects/unicodeobject.c +++ b/Objects/unicodeobject.c
@@ -2335,6 +2335,8 @@ f--; } } + if (width < precision) + width = precision; if (*f == '\0') { /* bogus format "%.1" => go backward, f points to "1" */ f--;