From fb90c0934c22041cad1fc4019c9853205befc967 Mon Sep 17 00:00:00 2001
From: Mark Dickinson <mdickinson@enthought.com>
Date: Sun, 28 Oct 2012 10:18:03 +0000
Subject: Issue #14700: Fix buggy overflow checks for large precision and width
 in new-style and old-style formatting.

---
 Objects/unicodeobject.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'Objects/unicodeobject.c')

diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
index 1dd3a852f2..3ef9c9bbaf 100644
--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c
@@ -9648,7 +9648,7 @@ PyObject *PyUnicode_Format(PyObject *format,
                     c = *fmt++;
                     if (c < '0' || c > '9')
                         break;
-                    if ((width*10) / 10 != width) {
+                    if (width > (PY_SSIZE_T_MAX - ((int)c - '0')) / 10) {
                         PyErr_SetString(PyExc_ValueError,
                                         "width too big");
                         goto onError;
@@ -9683,7 +9683,7 @@ PyObject *PyUnicode_Format(PyObject *format,
                         c = *fmt++;
                         if (c < '0' || c > '9')
                             break;
-                        if ((prec*10) / 10 != prec) {
+                        if (prec > (INT_MAX - ((int)c - '0')) / 10) {
                             PyErr_SetString(PyExc_ValueError,
                                             "prec too big");
                             goto onError;
-- 
cgit v1.2.1