Backported of:
From c3c9db89273fabc62ea1b48389d9a3000c1c03ae Mon Sep 17 00:00:00 2001
From: Jay Bosamiya <jaybosamiya@gmail.com>
Date: Sun, 18 Jun 2017 22:11:03 +0530
Subject: [PATCH] [2.7] bpo-30657: Check & prevent integer overflow in
PyString_DecodeEscape/PyBytes_DecodeEscape (#2174)
Index: python3.5-3.5.3/Objects/bytesobject.c
===================================================================
--- python3.5-3.5.3.orig/Objects/bytesobject.c
+++ python3.5-3.5.3/Objects/bytesobject.c
@@ -970,7 +970,13 @@ PyObject *PyBytes_DecodeEscape(const cha
char *p, *buf;
const char *end;
PyObject *v;
- Py_ssize_t newlen = recode_encoding ? 4*len:len;
+ Py_ssize_t newlen;
+ /* Check for integer overflow */
+ if (recode_encoding && (len > PY_SSIZE_T_MAX / 4)) {
+ PyErr_SetString(PyExc_OverflowError, "string is too large");
+ return NULL;
+ }
+ newlen = recode_encoding ? 4*len:len;
v = PyBytes_FromStringAndSize((char *)NULL, newlen);
if (v == NULL)
return NULL;
distrib
>
Mageia
>
6
>
armv5tl
>
media
>
core-updates-src
>
by-pkgid
>
efcb73235fb23b22668709a574ebe861
>
files
>
23
