Skip to content

Commit 4cb4e4e

Browse files
committed
Fix segfault discovered by Ron Adam. Not checking for terminating right bracket in "'{0[}'.format(())". Fixed, and tests added.
1 parent f82d9b5 commit 4cb4e4e

2 files changed

Lines changed: 12 additions & 4 deletions

File tree

Lib/test/test_unicode.py

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -458,6 +458,7 @@ def __format__(self, format_spec):
458458
# weird field names
459459
self.assertEqual("{0[foo-bar]}".format({'foo-bar':'baz'}), 'baz')
460460
self.assertEqual("{0[foo bar]}".format({'foo bar':'baz'}), 'baz')
461+
self.assertEqual("{0[ ]}".format({' ':3}), '3')
461462

462463
self.assertEqual('{foo._x}'.format(foo=C(20)), '20')
463464
self.assertEqual('{1}{0}'.format(D(10), D(20)), '2010')
@@ -551,6 +552,7 @@ def __format__(self, format_spec):
551552
self.assertRaises(ValueError, "{0".format)
552553
self.assertRaises(ValueError, "{0.}".format)
553554
self.assertRaises(ValueError, "{0[}".format)
555+
self.assertRaises(ValueError, "{0[}".format, [])
554556
self.assertRaises(ValueError, "{0]}".format)
555557
self.assertRaises(ValueError, "{0.[]}".format)
556558
self.assertRaises(ValueError, "{0..foo}".format, 0)

Objects/stringlib/string_format.h

Lines changed: 10 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -273,6 +273,7 @@ _FieldNameIterator_attr(FieldNameIterator *self, SubString *name)
273273
static int
274274
_FieldNameIterator_item(FieldNameIterator *self, SubString *name)
275275
{
276+
int bracket_seen = 0;
276277
STRINGLIB_CHAR c;
277278

278279
name->ptr = self->ptr;
@@ -281,12 +282,19 @@ _FieldNameIterator_item(FieldNameIterator *self, SubString *name)
281282
while (self->ptr < self->str.end) {
282283
switch (c = *self->ptr++) {
283284
case ']':
285+
bracket_seen = 1;
284286
break;
285287
default:
286288
continue;
287289
}
288290
break;
289291
}
292+
/* make sure we ended with a ']' */
293+
if (!bracket_seen) {
294+
PyErr_SetString(PyExc_ValueError, "Missing ']' in format string");
295+
return 0;
296+
}
297+
290298
/* end of string is okay */
291299
/* don't include the ']' */
292300
name->end = self->ptr-1;
@@ -305,16 +313,14 @@ FieldNameIterator_next(FieldNameIterator *self, int *is_attribute,
305313
switch (*self->ptr++) {
306314
case '.':
307315
*is_attribute = 1;
308-
if (_FieldNameIterator_attr(self, name) == 0) {
316+
if (_FieldNameIterator_attr(self, name) == 0)
309317
return 0;
310-
}
311318
*name_idx = -1;
312319
break;
313320
case '[':
314321
*is_attribute = 0;
315-
if (_FieldNameIterator_item(self, name) == 0) {
322+
if (_FieldNameIterator_item(self, name) == 0)
316323
return 0;
317-
}
318324
*name_idx = get_integer(name);
319325
break;
320326
default:

0 commit comments

Comments
 (0)