bpo-35552: Fix reading past the end in PyUnicode_FromFormat() and PyBytes_FromFormat(). (GH-11276) Format characters "%s" and "%V" in PyUnicode_FromFormat() and "%s" in PyBytes_FromFormat() no longer read memory past the limit if precision is specified.

commit: d586ccb04f79863c819b212ec5b9d873964078e4 [log] [tgz]
author: Serhiy Storchaka <storchaka@gmail.com> Sat Jan 12 10:30:35 2019 +0200
committer: GitHub <noreply@github.com> Sat Jan 12 10:30:35 2019 +0200
tree: 8b2d20f04b4b3867654a608a8ad8d54360acc367
parent: f1ec3cefad4639797c37eaa8c074830188fa0a44 [diff] [blame]
diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
index 304ea74..f1d23b6 100644
--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c

@@ -2578,9 +2578,15 @@
     PyObject *unicode;
     int res;
 
-    length = strlen(str);
-    if (precision != -1)
-        length = Py_MIN(length, precision);
+    if (precision == -1) {
+        length = strlen(str);
+    }
+    else {
+        length = 0;
+        while (length < precision && str[length]) {
+            length++;
+        }
+    }
     unicode = PyUnicode_DecodeUTF8Stateful(str, length, "replace", NULL);
     if (unicode == NULL)
         return -1;
commit	d586ccb04f79863c819b212ec5b9d873964078e4	[log] [tgz]
author	Serhiy Storchaka <storchaka@gmail.com>	Sat Jan 12 10:30:35 2019 +0200
committer	GitHub <noreply@github.com>	Sat Jan 12 10:30:35 2019 +0200
tree	8b2d20f04b4b3867654a608a8ad8d54360acc367
parent	f1ec3cefad4639797c37eaa8c074830188fa0a44 [diff] [blame]