11
22/* New getargs implementation */
33
4- /* XXX There are several unchecked sprintf or strcat calls in this file.
5- XXX The only way these can become a danger is if some C code in the
6- XXX Python source (or in an extension) uses ridiculously long names
7- XXX or ridiculously deep nesting in format strings. */
8-
94#include "Python.h"
105
116#include <ctype.h>
@@ -140,7 +135,7 @@ vgetargs1(PyObject *args, char *format, va_list *p_va, int compat)
140135 if (max == 0 ) {
141136 if (args == NULL )
142137 return 1 ;
143- sprintf (msgbuf , "%s %s takes no arguments" ,
138+ sprintf (msgbuf , "%.200s %s takes no arguments" ,
144139 fname == NULL ? "function" : fname ,
145140 fname == NULL ? "" : "()" );
146141 PyErr_SetString (PyExc_TypeError , msgbuf );
@@ -149,7 +144,7 @@ vgetargs1(PyObject *args, char *format, va_list *p_va, int compat)
149144 else if (min == 1 && max == 1 ) {
150145 if (args == NULL ) {
151146 sprintf (msgbuf ,
152- "%s %s takes at least one argument" ,
147+ "%.200s %s takes at least one argument" ,
153148 fname == NULL ? "function" : fname ,
154149 fname == NULL ? "" : "()" );
155150 PyErr_SetString (PyExc_TypeError , msgbuf );
@@ -179,7 +174,7 @@ vgetargs1(PyObject *args, char *format, va_list *p_va, int compat)
179174 if (len < min || max < len ) {
180175 if (message == NULL ) {
181176 sprintf (msgbuf ,
182- "%s %s takes %s %d argument%s (%d given)" ,
177+ "%.150s %s takes %s %d argument%s (%d given)" ,
183178 fname == NULL ? "function" : fname ,
184179 fname == NULL ? "" : "()" ,
185180 min == max ? "exactly"
@@ -220,22 +215,22 @@ vgetargs1(PyObject *args, char *format, va_list *p_va, int compat)
220215static void
221216seterror (int iarg , char * msg , int * levels , char * fname , char * message )
222217{
223- char buf [256 ];
218+ char buf [512 ];
224219 int i ;
225220 char * p = buf ;
226221
227222 if (PyErr_Occurred ())
228223 return ;
229224 else if (message == NULL ) {
230225 if (fname != NULL ) {
231- sprintf (p , "%s () " , fname );
226+ sprintf (p , "%.200s () " , fname );
232227 p += strlen (p );
233228 }
234229 if (iarg != 0 ) {
235230 sprintf (p , "argument %d" , iarg );
236231 i = 0 ;
237232 p += strlen (p );
238- while (levels [i ] > 0 ) {
233+ while (levels [i ] > 0 && ( int )( p - buf ) < 220 ) {
239234 sprintf (p , ", item %d" , levels [i ]- 1 );
240235 p += strlen (p );
241236 i ++ ;
@@ -245,7 +240,7 @@ seterror(int iarg, char *msg, int *levels, char *fname, char *message)
245240 sprintf (p , "argument" );
246241 p += strlen (p );
247242 }
248- sprintf (p , " %s " , msg );
243+ sprintf (p , " %.256s " , msg );
249244 message = buf ;
250245 }
251246 PyErr_SetString (PyExc_TypeError , message );
@@ -300,8 +295,8 @@ converttuple(PyObject *arg, char **p_format, va_list *p_va, int *levels,
300295 if (!PySequence_Check (arg ) || PyString_Check (arg )) {
301296 levels [0 ] = 0 ;
302297 sprintf (msgbuf ,
303- toplevel ? "expected %d arguments, not %s " :
304- "must be %d-item sequence, not %s " ,
298+ toplevel ? "expected %d arguments, not %.50s " :
299+ "must be %d-item sequence, not %.50s " ,
305300 n , arg == Py_None ? "None" : arg -> ob_type -> tp_name );
306301 return msgbuf ;
307302 }
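Review bot: In seterror the overflow protection now depends on three separate constants, `%.200s` for fname, the `(int)(p - buf) < 220` loop guard and `%.256s` for msg, and only their sum against `char buf[512]` keeps the writes in bounds; nothing in the code records that budget. By my count the worst case is just under 500 bytes (at most 219 before the last `", item %d"`, up to 18 for that item, about 258 for the msg part, plus the NUL), so it fits today, but editing any one of these numbers later can silently bring back the overflow the removed XXX comment warned about. I would add a comment at the declaration such as `/* budget: prefix capped near 237 by the 220 loop guard, msg part <= 258, +1 NUL; must stay < sizeof(buf) */`, or derive the loop limit from `sizeof(buf)` instead of the literal 220. The same reasoning applies to the `msgbuf` writes in vgetargs1 and converttuple, whose buffer sizes are declared outside the visible hunks. In converttuple `msgbuf` appears to be supplied by the caller, so the minimum size assumed by `%.50s` should be stated in the function's comment. seterror's body spans two hunks and the other functions start and end outside theirs.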