Merged revisions 70682,70684 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r70682 | mark.dickinson | 2009-03-29 17:17:16 +0100 (Sun, 29 Mar 2009) | 3 lines

  Issue #532631:  Add paranoid check to avoid potential buffer overflow
  on systems with sizeof(int) > 4.
........
  r70684 | mark.dickinson | 2009-03-29 17:24:29 +0100 (Sun, 29 Mar 2009) | 3 lines

  Issue #532631: Apply floatformat changes to unicodeobject.c
  as well as stringobject.c.
........
diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
index f15e7cd..4def537 100644
--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c
@@ -8847,6 +8847,15 @@
         return -1;
     if (prec < 0)
         prec = 6;
+    /* make sure that the decimal representation of precision really does
+       need at most 10 digits: platforms with sizeof(int) == 8 exist! */
+    if (prec > 0x7fffffffL) {
+        PyErr_SetString(PyExc_OverflowError,
+                        "outrageously large precision "
+                        "for formatted float");
+        return -1;
+    }
+
     if (type == 'f' && fabs(x) >= 1e50)
         type = 'g';
     /* Worst case length calc to ensure no buffer overrun:
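Review bot: The guard `if (prec > 0x7fffffffL)` uses a hex limit while its comment argues in decimal digits, so the link between the two is left to the reader. The comment also says `sizeof(int) == 8` where the commit message says `sizeof(int) > 4`. I would reword the comment as `/* values up to 0x7fffffff (2147483647) print in at most 10 decimal digits; a wider int (sizeof(int) > 4) could otherwise exceed that */`. This check bounds only the digit count of the precision, presumably for a fixed-size format-string buffer that is not visible here. The bound on the formatted output itself appears to rely on the worst-case length calculation that begins on the hunk's last line, and the enclosing function starts and ends outside the hunk.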