From d3203625c1b383850ec72de871eca2a45606308a Mon Sep 17 00:00:00 2001 From: Hans Dembinski Date: Wed, 15 Mar 2017 23:32:07 +0100 Subject: [PATCH] protect against too many args --- src/python/histogram.cpp | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/src/python/histogram.cpp b/src/python/histogram.cpp index bfde96c5..bdc3d6de 100644 --- a/src/python/histogram.cpp +++ b/src/python/histogram.cpp @@ -11,7 +11,6 @@ #include #include #include -#include #include #ifdef HAVE_NUMPY # define NO_IMPORT_ARRAY @@ -204,11 +203,19 @@ histogram_value(python::tuple args, python::dict kwargs) { using namespace python; const dynamic_histogram<>& self = extract&>(args[0]); - if (self.dim() != (len(args) - 1)) { + const unsigned dim = len(args) - 1; + if (self.dim() != dim) { PyErr_SetString(PyExc_RuntimeError, "wrong number of arguments"); throw_error_already_set(); } + if (dim >= BOOST_HISTOGRAM_AXIS_LIMIT) { + std::ostringstream os; + os << "too many axes, maximum is " << BOOST_HISTOGRAM_AXIS_LIMIT; + PyErr_SetString(PyExc_RuntimeError, os.str().c_str()); + throw_error_already_set(); + } + if (kwargs) { PyErr_SetString(PyExc_RuntimeError, "no keyword arguments allowed"); throw_error_already_set(); @@ -226,11 +233,19 @@ histogram_variance(python::tuple args, python::dict kwargs) { using namespace python; const dynamic_histogram<>& self = extract&>(args[0]); - if (self.dim() != (len(args) - 1)) { + const unsigned dim = len(args) - 1; + if (self.dim() != dim) { PyErr_SetString(PyExc_RuntimeError, "wrong number of arguments"); throw_error_already_set(); } + if (dim >= BOOST_HISTOGRAM_AXIS_LIMIT) { + std::ostringstream os; + os << "too many axes, maximum is " << BOOST_HISTOGRAM_AXIS_LIMIT; + PyErr_SetString(PyExc_RuntimeError, os.str().c_str()); + throw_error_already_set(); + } + if (kwargs) { PyErr_SetString(PyExc_RuntimeError, "no keyword arguments allowed"); throw_error_already_set();