[New-bugs-announce] [issue44068] Possible divide by zero problems

yiyuaner report at bugs.python.org
Fri May 7 11:00:44 EDT 2021

New submission from yiyuaner <yguoaz at gmail.com>:

In the file Objects/unicodeobject.c, we have the following code:

static PyObject*
resize_compact(PyObject *unicode, Py_ssize_t length) {
  char_size = PyUnicode_KIND(unicode);
  if (length > ((PY_SSIZE_T_MAX - struct_size) / char_size - 1)) {
    return NULL;

However, PyUnicode_KIND may return 0 if the variable unicode has kind PyUnicode_WCHAR_KIND, leading to a divide by zero problem.

The same pattern is also used without checking in function "static int
resize_inplace(PyObject *unicode, Py_ssize_t length)".

Here is the link to the code location: https://github.com/python/cpython/blob/main/Objects/unicodeobject.c#L1045

Should we add an explicit check on variable char_size before using it in division?

components: Unicode
messages: 393188
nosy: ezio.melotti, vstinner, yiyuaner
priority: normal
severity: normal
status: open
title: Possible divide by zero problems
type: behavior
versions: Python 3.11

Python tracker <report at bugs.python.org>
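
The explicit check the report asks about can be written as follows. This is an added example, not code from the original message or from CPython: the helper name `checked_resize_bytes` and its parameters are hypothetical, and `PTRDIFF_MAX` stands in for `PY_SSIZE_T_MAX`. It validates the divisor before evaluating the same bound as the quoted excerpt.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not a CPython function.
 * Computes struct_size + (length + 1) * char_size into *out.
 * Returns 0 on success, -1 if char_size is not a usable width or the
 * total would exceed PTRDIFF_MAX (stand-in for PY_SSIZE_T_MAX).
 * *out is left untouched on failure. */
static int
checked_resize_bytes(ptrdiff_t length, ptrdiff_t struct_size,
                     ptrdiff_t char_size, ptrdiff_t *out)
{
    /* Reject a zero (or negative) width before it is used as a divisor. */
    if (char_size <= 0)
        return -1;
    if (length < 0 || struct_size < 0)
        return -1;
    /* Same bound as the quoted excerpt, now safe to evaluate. */
    if (length > (PTRDIFF_MAX - struct_size) / char_size - 1)
        return -1;
    *out = struct_size + (length + 1) * char_size;
    return 0;
}

int main(void)
{
    ptrdiff_t n = 0;
    int rc;

    /* Constructed inputs: width 0 models the kind value the report describes. */
    rc = checked_resize_bytes(10, 48, 0, &n);
    printf("width 0:  rc=%d\n", rc);

    rc = checked_resize_bytes(10, 48, 4, &n);
    printf("width 4:  rc=%d bytes=%td\n", rc, n);

    rc = checked_resize_bytes(PTRDIFF_MAX, 48, 1, &n);
    printf("too long: rc=%d\n", rc);
    return 0;
}
```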