summaryrefslogtreecommitdiff
path: root/Objects/stringlib
diff options
context:
space:
mode:
authorEric Smith <eric@trueblade.com>2007-09-03 08:40:29 +0000
committerEric Smith <eric@trueblade.com>2007-09-03 08:40:29 +0000
commit4cb4e4e882dcff50ffd2f5478ae63522657d7ce3 (patch)
tree0eeb9eaa7311e6c51c3686b7500fc69e1f6fda11 /Objects/stringlib
parentf82d9b52fae475a132a21d1b7174730f17b735de (diff)
downloadcpython-git-4cb4e4e882dcff50ffd2f5478ae63522657d7ce3.tar.gz
Fix segfault discovered by Ron Adam. Not checking for terminating right bracket in "'{0[}'.format(())". Fixed, and tests added.
Diffstat (limited to 'Objects/stringlib')
-rw-r--r--Objects/stringlib/string_format.h14
1 files changed, 10 insertions, 4 deletions
diff --git a/Objects/stringlib/string_format.h b/Objects/stringlib/string_format.h
index dbd01d3e7e..de700f618b 100644
--- a/Objects/stringlib/string_format.h
+++ b/Objects/stringlib/string_format.h
@@ -273,6 +273,7 @@ _FieldNameIterator_attr(FieldNameIterator *self, SubString *name)
static int
_FieldNameIterator_item(FieldNameIterator *self, SubString *name)
{
+ int bracket_seen = 0;
STRINGLIB_CHAR c;
name->ptr = self->ptr;
@@ -281,12 +282,19 @@ _FieldNameIterator_item(FieldNameIterator *self, SubString *name)
while (self->ptr < self->str.end) {
switch (c = *self->ptr++) {
case ']':
+ bracket_seen = 1;
break;
default:
continue;
}
break;
}
+ /* make sure we ended with a ']' */
+ if (!bracket_seen) {
+ PyErr_SetString(PyExc_ValueError, "Missing ']' in format string");
+ return 0;
+ }
+
/* end of string is okay */
/* don't include the ']' */
name->end = self->ptr-1;
@@ -305,16 +313,14 @@ FieldNameIterator_next(FieldNameIterator *self, int *is_attribute,
switch (*self->ptr++) {
case '.':
*is_attribute = 1;
- if (_FieldNameIterator_attr(self, name) == 0) {
+ if (_FieldNameIterator_attr(self, name) == 0)
return 0;
- }
*name_idx = -1;
break;
case '[':
*is_attribute = 0;
- if (_FieldNameIterator_item(self, name) == 0) {
+ if (_FieldNameIterator_item(self, name) == 0)
return 0;
- }
*name_idx = get_integer(name);
break;
default:
View Lorry Controller Status