26 lines
942 B
Diff
26 lines
942 B
Diff
From c3c9db89273fabc62ea1b48389d9a3000c1c03ae Mon Sep 17 00:00:00 2001
|
|
From: Jay Bosamiya <jaybosamiya@gmail.com>
|
|
Date: Sun, 18 Jun 2017 22:11:03 +0530
|
|
Subject: [PATCH] [2.7] bpo-30657: Check & prevent integer overflow in
|
|
PyString_DecodeEscape (#2174)
|
|
|
|
diff --git a/Objects/bytesobject.c b/Objects/bytesobject.c
|
|
index 77dd45e..9b29dc3 100644
|
|
--- a/Objects/bytesobject.c
|
|
+++ b/Objects/bytesobject.c
|
|
@@ -970,7 +970,13 @@ PyObject *PyBytes_DecodeEscape(const char *s,
|
|
char *p, *buf;
|
|
const char *end;
|
|
PyObject *v;
|
|
- Py_ssize_t newlen = recode_encoding ? 4*len:len;
|
|
+ Py_ssize_t newlen;
|
|
+ /* Check for integer overflow */
|
|
+ if (recode_encoding && (len > PY_SSIZE_T_MAX / 4)) {
|
|
+ PyErr_SetString(PyExc_OverflowError, "string is too large");
|
|
+ return NULL;
|
|
+ }
|
|
+ newlen = recode_encoding ? 4*len:len;
|
|
v = PyBytes_FromStringAndSize((char *)NULL, newlen);
|
|
if (v == NULL)
|
|
return NULL;
|