changeset:   94830:3019effc44f2
branch:      2.7
parent:      94822:f57af1b337ca
user:        Benjamin Peterson <benjamin@python.org>
date:        Mon Mar 02 11:17:05 2015 -0500
files:       Misc/NEWS Modules/unicodedata.c
description:
fix possible overflow bugs in unicodedata (closes #23367)


diff -r f57af1b337ca -r 3019effc44f2 Misc/NEWS
--- a/Misc/NEWS	Mon Mar 02 09:34:31 2015 -0500
+++ b/Misc/NEWS	Mon Mar 02 11:17:05 2015 -0500
@@ -50,6 +50,8 @@
   posixpath.expandvars().  Fixed all os.path implementations on
   unicode-disabled builds.
 
+- Issue #23367: Fix possible overflows in the unicodedata module.
+
 - Issue #23363: Fix possible overflow in itertools.permutations.
 
 - Issue #23364: Fix possible overflow in itertools.product.
diff -r f57af1b337ca -r 3019effc44f2 Modules/unicodedata.c
--- a/Modules/unicodedata.c	Mon Mar 02 09:34:31 2015 -0500
+++ b/Modules/unicodedata.c	Mon Mar 02 11:17:05 2015 -0500
@@ -506,8 +506,15 @@
 
     stackptr = 0;
     isize = PyUnicode_GET_SIZE(input);
+    space = isize;
     /* Overallocate at most 10 characters. */
-    space = (isize > 10 ? 10 : isize) + isize;
+    if (space > 10) {
+        if (space <= PY_SSIZE_T_MAX - 10)
+            space += 10;
+    }
+    else {
+        space *= 2;
+    }
     result = PyUnicode_FromUnicode(NULL, space);
     if (!result)
         return NULL;