http://hg.python.org/cpython/rev/b378864d8ff3 changeset: 72459:b378864d8ff3 branch: 3.2 parent: 72457:db8027df8458 user: Mark Dickinson <mdickinson@enthought.com> date: Sat Sep 24 08:56:09 2011 +0100 summary: Issue #12973: Fix itertools bug caused by signed integer overflow. Thanks Stefan Krah. files: Misc/NEWS | 6 +++--- Modules/itertoolsmodule.c | 4 +++- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/Misc/NEWS b/Misc/NEWS --- a/Misc/NEWS +++ b/Misc/NEWS @@ -17,9 +17,9 @@ - Issue #13021: Missing decref on an error path. Thanks to Suman Saha for finding the bug and providing a patch. -- Issue #12973: Fix overflow check that relied on undefined behaviour in - list_repeat. This bug caused test_list to fail with recent versions - of Clang. +- Issue #12973: Fix overflow checks that relied on undefined behaviour in + list_repeat (listobject.c) and islice_next (itertoolsmodule.c). These bugs + caused test failures with recent versions of Clang. - Issue #12802: the Windows error ERROR_DIRECTORY (numbered 267) is now mapped to POSIX errno ENOTDIR (previously EINVAL). diff --git a/Modules/itertoolsmodule.c b/Modules/itertoolsmodule.c --- a/Modules/itertoolsmodule.c +++ b/Modules/itertoolsmodule.c @@ -1234,7 +1234,9 @@ return NULL; lz->cnt++; oldnext = lz->next; - lz->next += lz->step; + /* The (size_t) cast below avoids the danger of undefined + behaviour from signed integer overflow. */ + lz->next += (size_t)lz->step; if (lz->next < oldnext || (stop != -1 && lz->next > stop)) lz->next = stop; return item; -- Repository URL: http://hg.python.org/cpython