diff options
| author | Carlton Gibson <carlton.gibson@noumenal.es> | 2019-02-11 11:08:45 +0100 |
|---|---|---|
| committer | Carlton Gibson <carlton.gibson@noumenal.es> | 2019-02-11 11:14:09 +0100 |
| commit | 1f42f82566c9d2d73aff1c42790d6b1b243f7676 (patch) | |
| tree | 427c70eeb027d84ee99094fffc5f2ca45d27daa4 /tests/utils_tests | |
| parent | f6f0f524c3c96830fdaf1b49ed4ca12d54d37c89 (diff) | |
[2.0.x] Fixed CVE-2019-6975 -- Fixed memory exhaustion in utils.numberformat.format().
Thanks Sjoerd Job Postmus for the report and initial patch.
Thanks Michael Manfre, Tim Graham, and Florian Apolloner for review.
Diffstat (limited to 'tests/utils_tests')
| -rw-r--r-- | tests/utils_tests/test_numberformat.py | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/tests/utils_tests/test_numberformat.py b/tests/utils_tests/test_numberformat.py index 3b815adfb8..4e6a991cf4 100644 --- a/tests/utils_tests/test_numberformat.py +++ b/tests/utils_tests/test_numberformat.py @@ -75,6 +75,25 @@ class TestNumberFormat(TestCase): ) self.assertEqual(nformat(Decimal('3.'), '.'), '3') self.assertEqual(nformat(Decimal('3.0'), '.'), '3.0') + # Very large & small numbers. + tests = [ + ('9e9999', None, '9e+9999'), + ('9e9999', 3, '9.000e+9999'), + ('9e201', None, '9e+201'), + ('9e200', None, '9e+200'), + ('1.2345e999', 2, '1.23e+999'), + ('9e-999', None, '9e-999'), + ('1e-7', 8, '0.00000010'), + ('1e-8', 8, '0.00000001'), + ('1e-9', 8, '0.00000000'), + ('1e-10', 8, '0.00000000'), + ('1e-11', 8, '0.00000000'), + ('1' + ('0' * 300), 3, '1.000e+300'), + ('0.{}1234'.format('0' * 299), 3, '1.234e-300'), + ] + for value, decimal_pos, expected_value in tests: + with self.subTest(value=value): + self.assertEqual(nformat(Decimal(value), '.', decimal_pos), expected_value) def test_decimal_subclass(self): class EuroDecimal(Decimal): |