mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-08-22 09:45:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 13

SF patch 514641 (Naofumi Honda) - Negative ob_size of LongObjects

Browse source 
Due to the bizarre definition of _PyLong_Copy(), creating an instance
of a subclass of long with a negative value could cause core dumps
later on.  Unfortunately it looks like the behavior of _PyLong_Copy()
is quite intentional, so the fix is more work than feels comfortable.

This fix is almost, but not quite, the code that Naofumi Honda added;
in addition, I added a test case.
This commit is contained in:
Guido van Rossum 2002-03-01 22:24:49 +00:00
parent 6f33250ef9
commit 2eb0b87d14
4 changed files with 23 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

10
Objects/object.c
View file

@ -1191,8 +1191,14 @@ _PyObject_GetDictPtr(PyObject *obj)
if (dictoffset == 0)
return NULL;
if (dictoffset < 0) {
const size_t size = _PyObject_VAR_SIZE(tp,
((PyVarObject *)obj)->ob_size);
int tsize;
size_t size;
tsize = ((PyVarObject *)obj)->ob_size;
if (tsize < 0)
tsize = -tsize;
size = _PyObject_VAR_SIZE(tp, tsize);
dictoffset += (long)size;
assert(dictoffset > 0);
assert(dictoffset % SIZEOF_VOID_P == 0);