mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-10-09 16:34:44 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 17

bpo-36946: Fix possible signed integer overflow when handling slices. (GH-13375)

Browse source 
The final addition (cur += step) may overflow, so use size_t for "cur".
"cur" is always positive (even for negative steps), so it is safe to use
size_t here.

Co-Authored-By: Martin Panter <vadmium+py@gmail.com>
This commit is contained in:
Zackery Spytz 2019-05-17 01:13:03 -06:00 committed by Serhiy Storchaka
parent 870b035bc6
commit 14514d9084
15 changed files with 45 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

3
Objects/bytesobject.c
View file

@ -1677,7 +1677,8 @@ bytes_subscript(PyBytesObject* self, PyObject* item)
return PyLong_FromLong((unsigned char)self->ob_sval[i]);
}
else if (PySlice_Check(item)) {
Py_ssize_t start, stop, step, slicelength, cur, i;
Py_ssize_t start, stop, step, slicelength, i;
size_t cur;
char* source_buf;
char* result_buf;
PyObject* result;