[issue27507] bytearray.extend lacks overflow check when increasing buffer
Martin Panter
report at bugs.python.org
Sat Jul 16 11:35:25 EDT 2016
Martin Panter added the comment:
Not particularly related, but the special fast case in Objects/listobject.c:811, listextend(), also seems to lack an overflow check.
“An alternative would be to raise the error without trying to allocate Py_SSIZE_T_MAX first”: what I meant was removing the special case to allocate PY_SSIZE_T_MAX. As soon as it attempts to overallocate 2+ GiB of memory it fails. Something more like
addition = len >> 1;
if (addition > PY_SSIZE_T_MAX - len - 1) {
/* . . . */
return PyErr_NoMemory();
}
buf_size = len + addition;
Antti: in this case we are allocating an array of _bytes_, not pointers. So maybe it is possible to reach the limit with a 32-bit address space.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue27507>
_______________________________________
More information about the Python-bugs-list
mailing list