bpo-35552: Fix reading past the end in PyUnicode_FromFormat() and PyBytes_FromFormat(). (GH-11276) Format characters "%s" and "%V" in PyUnicode_FromFormat() and "%s" in PyBytes_FromFormat() no longer read memory past the limit if precision is specified. (cherry picked from commit d586ccb04f79863c819b212ec5b9d873964078e4) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>

commit: cbc7c2c791185ad44b4b3ede72309df5f252f4cb [log] [tgz]
author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Sat Jan 12 00:52:55 2019 -0800
committer: GitHub <noreply@github.com> Sat Jan 12 00:52:55 2019 -0800
tree: 9b7e2027e156fc4d7d735180bbafd9a1d9115f89
parent: d39c19255910b9dce08c595f511597e98b09e91f [diff] [blame]
diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
index 35c8a24..b67ffac 100644
--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c

@@ -2579,9 +2579,15 @@
     PyObject *unicode;
     int res;
 
-    length = strlen(str);
-    if (precision != -1)
-        length = Py_MIN(length, precision);
+    if (precision == -1) {
+        length = strlen(str);
+    }
+    else {
+        length = 0;
+        while (length < precision && str[length]) {
+            length++;
+        }
+    }
     unicode = PyUnicode_DecodeUTF8Stateful(str, length, "replace", NULL);
     if (unicode == NULL)
         return -1;
commit	cbc7c2c791185ad44b4b3ede72309df5f252f4cb	[log] [tgz]
author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>	Sat Jan 12 00:52:55 2019 -0800
committer	GitHub <noreply@github.com>	Sat Jan 12 00:52:55 2019 -0800
tree	9b7e2027e156fc4d7d735180bbafd9a1d9115f89
parent	d39c19255910b9dce08c595f511597e98b09e91f [diff] [blame]