mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-10-07 07:31:46 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 13

bpo-36946: Fix possible signed integer overflow when handling slices. (GH-13375)

Browse source 
The final addition (cur += step) may overflow, so use size_t for "cur".
"cur" is always positive (even for negative steps), so it is safe to use
size_t here.

Co-Authored-By: Martin Panter <vadmium+py@gmail.com>
This commit is contained in:
Zackery Spytz 2019-05-17 01:13:03 -06:00 committed by Serhiy Storchaka
parent 870b035bc6
commit 14514d9084
15 changed files with 45 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

6
Modules/arraymodule.c
View file

@ -2343,7 +2343,8 @@ array_subscr(arrayobject* self, PyObject* item)
return array_item(self, i);
}
else if (PySlice_Check(item)) {
Py_ssize_t start, stop, step, slicelength, cur, i;
Py_ssize_t start, stop, step, slicelength, i;
size_t cur;
PyObject* result;
arrayobject* ar;
int itemsize = self->ob_descr->itemsize;
@ -2527,7 +2528,8 @@ array_ass_subscr(arrayobject* self, PyObject* item, PyObject* value)
return 0;
}
else {
Py_ssize_t cur, i;
size_t cur;
Py_ssize_t i;
if (needed != slicelength) {
PyErr_Format(PyExc_ValueError,