changeset:   97694:a29b49d57769
branch:      3.4
parent:      97687:2d4aac2ab253
user:        Steve Dower <steve.dower@microsoft.com>
date:        Sat Sep 05 20:55:34 2015 -0700
files:       Misc/NEWS Modules/timemodule.c
description:
Issue #24917: time_strftime() Buffer Over-read. Patch by John Leitch.


diff -r 2d4aac2ab253 -r a29b49d57769 Misc/NEWS
--- a/Misc/NEWS	Sat Sep 05 19:13:26 2015 -0400
+++ b/Misc/NEWS	Sat Sep 05 20:55:34 2015 -0700
@@ -84,6 +84,8 @@
 - Issue #16180: Exit pdb if file has syntax error, instead of trapping user
   in an infinite loop.  Patch by Xavier de Gaye.
 
+- Issue #24917: time_strftime() Buffer Over-read. Patch by John Leitch.
+
 - Issue #21112: Fix regression in unittest.expectedFailure on subclasses.
   Patch from Berker Peksag.
 
diff -r 2d4aac2ab253 -r a29b49d57769 Modules/timemodule.c
--- a/Modules/timemodule.c	Sat Sep 05 19:13:26 2015 -0400
+++ b/Modules/timemodule.c	Sat Sep 05 20:55:34 2015 -0700
@@ -662,6 +662,12 @@
                             "format %y requires year >= 1900 on AIX");
             return NULL;
         }
+        else if (outbuf[1] == '\0')
+        {
+            PyErr_SetString(PyExc_ValueError, "Incomplete format string");
+            Py_DECREF(format);
+            return NULL;
+        }
     }
 #endif