Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 3675cd9

Browse files
benjaminpbenjaminp
committed
merge 3.3 (#23369)
2 parents 3a43d06 + e3bfe19 commit 3675cd9

3 files changed

Lines changed: 22 additions & 5 deletions

File tree

Lib/test/test_json/test_encode_basestring_ascii.py

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,6 @@
11
from collections import OrderedDict
22
from test.test_json import PyTest, CTest
3+
from test.support import bigaddrspacetest
34

45

56
CASES = [
@@ -41,4 +42,10 @@ def test_sorted_dict(self):
4142

4243

4344
class TestPyEncodeBasestringAscii(TestEncodeBasestringAscii, PyTest): pass
44-
class TestCEncodeBasestringAscii(TestEncodeBasestringAscii, CTest): pass
45+
class TestCEncodeBasestringAscii(TestEncodeBasestringAscii, CTest):
46+
@bigaddrspacetest
47+
def test_overflow(self):
48+
s = "\uffff"*((2**32)//6 + 1)
49+
with self.assertRaises(OverflowError):
50+
self.json.encoder.encode_basestring_ascii(s)
51+

Misc/NEWS

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -50,6 +50,9 @@ Core and Builtins
5050
Library
5151
-------
5252

53+
- Issue #23369: Fixed possible integer overflow in
54+
_json.encode_basestring_ascii.
55+
5356
- Issue #23353: Fix the exception handling of generators in
5457
PyEval_EvalFrameEx(). At entry, save or swap the exception state even if
5558
PyEval_EvalFrameEx() is called with throwflag=0. At exit, the exception state

Modules/_json.c

Lines changed: 11 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -182,17 +182,24 @@ ascii_escape_unicode(PyObject *pystr)
182182
/* Compute the output size */
183183
for (i = 0, output_size = 2; i < input_chars; i++) {
184184
Py_UCS4 c = PyUnicode_READ(kind, input, i);
185-
if (S_CHAR(c))
186-
output_size++;
185+
Py_ssize_t d;
186+
if (S_CHAR(c)) {
187+
d = 1;
188+
}
187189
else {
188190
switch(c) {
189191
case '\\': case '"': case '\b': case '\f':
190192
case '\n': case '\r': case '\t':
191-
output_size += 2; break;
193+
d = 2; break;
192194
default:
193-
output_size += c >= 0x10000 ? 12 : 6;
195+
d = c >= 0x10000 ? 12 : 6;
194196
}
195197
}
198+
if (output_size > PY_SSIZE_T_MAX - d) {
199+
PyErr_SetString(PyExc_OverflowError, "string is too long to escape");
200+
return NULL;
201+
}
202+
output_size += d;
196203
}
197204

198205
rval = PyUnicode_New(output_size, 127);

0 commit comments

Comments
 (0)