changeset:   94829:93244000efea
parent:      94826:6ccbcf1df7bd
parent:      94828:90f960e79c9e
user:        Benjamin Peterson <benjamin@python.org>
date:        Mon Mar 02 11:18:56 2015 -0500
files:       Misc/NEWS
description:
merge 3.4 (#23367)


diff -r 6ccbcf1df7bd -r 93244000efea Misc/NEWS
--- a/Misc/NEWS	Mon Mar 02 08:06:30 2015 -0800
+++ b/Misc/NEWS	Mon Mar 02 11:18:56 2015 -0500
@@ -78,6 +78,8 @@
 
 - Issue #23421: Fixed compression in tarfile CLI.  Patch by wdv4758h.
 
+- Issue #23367: Fix possible overflows in the unicodedata module.
+
 - Issue #23361: Fix possible overflow in Windows subprocess creation code.
 
 - logging.handlers.QueueListener now takes a respect_handler_level keyword
diff -r 6ccbcf1df7bd -r 93244000efea Modules/unicodedata.c
--- a/Modules/unicodedata.c	Mon Mar 02 08:06:30 2015 -0800
+++ b/Modules/unicodedata.c	Mon Mar 02 11:18:56 2015 -0500
@@ -553,10 +553,17 @@
 
     stackptr = 0;
     isize = PyUnicode_GET_LENGTH(input);
+    space = isize;
     /* Overallocate at most 10 characters. */
-    space = (isize > 10 ? 10 : isize) + isize;
+    if (space > 10) {
+        if (space <= PY_SSIZE_T_MAX - 10)
+            space += 10;
+    }
+    else {
+        space *= 2;
+    }
     osize = space;
-    output = PyMem_New(Py_UCS4, space);
+    output = PyMem_NEW(Py_UCS4, space);
     if (!output) {
         PyErr_NoMemory();
         return NULL;
@@ -703,7 +710,7 @@
     /* We allocate a buffer for the output.
        If we find that we made no changes, we still return
        the NFD result. */
-    output = PyMem_New(Py_UCS4, len);
+    output = PyMem_NEW(Py_UCS4, len);
     if (!output) {
         PyErr_NoMemory();
         Py_DECREF(result);