diff options
| author | Carlton Gibson <carlton.gibson@noumenal.es> | 2019-02-11 11:08:45 +0100 |
|---|---|---|
| committer | Carlton Gibson <carlton.gibson@noumenal.es> | 2019-02-11 11:08:45 +0100 |
| commit | 402c0caa851e265410fbcaa55318f22d2bf22ee2 (patch) | |
| tree | 33014c300d325d9b688c2a8ee0745835622c54f9 /tests/utils_tests/test_numberformat.py | |
| parent | c901a1775b63b5abc50e46aaee0c074d9bb3c481 (diff) | |
Fixed CVE-2019-6975 -- Fixed memory exhaustion in utils.numberformat.format().
Thanks Sjoerd Job Postmus for the report and initial patch.
Thanks Michael Manfre, Tim Graham, and Florian Apolloner for review.
Diffstat (limited to 'tests/utils_tests/test_numberformat.py')
| -rw-r--r-- | tests/utils_tests/test_numberformat.py | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/tests/utils_tests/test_numberformat.py b/tests/utils_tests/test_numberformat.py index b78b37551d..3d656025ab 100644 --- a/tests/utils_tests/test_numberformat.py +++ b/tests/utils_tests/test_numberformat.py @@ -80,6 +80,25 @@ class TestNumberFormat(SimpleTestCase): ) self.assertEqual(nformat(Decimal('3.'), '.'), '3') self.assertEqual(nformat(Decimal('3.0'), '.'), '3.0') + # Very large & small numbers. + tests = [ + ('9e9999', None, '9e+9999'), + ('9e9999', 3, '9.000e+9999'), + ('9e201', None, '9e+201'), + ('9e200', None, '9e+200'), + ('1.2345e999', 2, '1.23e+999'), + ('9e-999', None, '9e-999'), + ('1e-7', 8, '0.00000010'), + ('1e-8', 8, '0.00000001'), + ('1e-9', 8, '0.00000000'), + ('1e-10', 8, '0.00000000'), + ('1e-11', 8, '0.00000000'), + ('1' + ('0' * 300), 3, '1.000e+300'), + ('0.{}1234'.format('0' * 299), 3, '1.234e-300'), + ] + for value, decimal_pos, expected_value in tests: + with self.subTest(value=value): + self.assertEqual(nformat(Decimal(value), '.', decimal_pos), expected_value) def test_decimal_subclass(self): class EuroDecimal(Decimal): |