[issue35090] bz2: Potential division by zero in BZ2_Malloc()
Alexey Izbyshev
report at bugs.python.org
Sun Oct 28 08:13:54 EDT 2018
New submission from Alexey Izbyshev <izbyshev at ispras.ru>:
BZ2_Malloc() checks for size < 0 at https://github.com/python/cpython/blob/6015cc50bc38b9e920ce4986ee10658eaa14f561/Modules/_bz2module.c#L278 , but doesn't check for size == 0 before dividing by it:
if (items < 0 || size < 0)
return NULL;
if ((size_t)items > (size_t)PY_SSIZE_T_MAX / (size_t)size)
return NULL;
Reported by Svace static analyzer.
----------
components: Extension Modules
messages: 328686
nosy: berker.peksag, izbyshev, serhiy.storchaka, vstinner
priority: normal
severity: normal
status: open
title: bz2: Potential division by zero in BZ2_Malloc()
type: behavior
versions: Python 3.6, Python 3.7, Python 3.8
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue35090>
_______________________________________
More information about the Python-bugs-list
mailing list