mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-08-24 10:45:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

bpo-36946: Fix possible signed integer overflow when handling slices. (GH-13375)

Browse source 
The final addition (cur += step) may overflow, so use size_t for "cur".
"cur" is always positive (even for negative steps), so it is safe to use
size_t here.

Co-Authored-By: Martin Panter <vadmium+py@gmail.com>
This commit is contained in:
Zackery Spytz 2019-05-17 01:13:03 -06:00 committed by Serhiy Storchaka
parent 870b035bc6
commit 14514d9084
15 changed files with 45 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

3
Objects/unicodeobject.c
View file

@ -13991,7 +13991,8 @@ unicode_subscript(PyObject* self, PyObject* item)
i += PyUnicode_GET_LENGTH(self);
return unicode_getitem(self, i);
} else if (PySlice_Check(item)) {
Py_ssize_t start, stop, step, slicelength, cur, i;
Py_ssize_t start, stop, step, slicelength, i;
size_t cur;
PyObject *result;
void *src_data, *dest_data;
int src_kind, dest_kind;