[issue1621] Do not assume signed integer overflow behavior
STINNER Victor
report at bugs.python.org
Wed Sep 12 03:52:57 EDT 2018
STINNER Victor <vstinner at redhat.com> added the comment:
I asked if there is an issue. In fact, all Python memory allocators start by checking if the size is larger than PY_SSIZE_T_MAX. Example:
void *
PyMem_RawMalloc(size_t size)
{
    /*
     * Limit ourselves to PY_SSIZE_T_MAX bytes to prevent security holes.
     * Most python internals blindly use a signed Py_ssize_t to track
     * things without checking for overflows or negatives.
     * As size_t is unsigned, checking for size < 0 is not required.
     */
    if (size > (size_t)PY_SSIZE_T_MAX)
        return NULL;
    return _PyMem_Raw.malloc(_PyMem_Raw.ctx, size);
}
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue1621>
_______________________________________
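
Added example, not part of the original message and not CPython's own code: a stand-alone C sketch of the size guard quoted above, extended to the two places a caller can still go wrong before the allocator sees the size (multiplying an element count, and adding two signed lengths). DEMO_SSIZE_T_MAX and the demo_* functions are hypothetical names; PTRDIFF_MAX stands in for PY_SSIZE_T_MAX as an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: stand-in for PY_SSIZE_T_MAX (Py_ssize_t treated as ptrdiff_t). */
#define DEMO_SSIZE_T_MAX PTRDIFF_MAX

/* Same guard as the quoted PyMem_RawMalloc, over plain malloc().
 * A negative signed length converted to size_t becomes a huge value,
 * so this single unsigned comparison rejects it as well. */
void *demo_malloc(size_t size)
{
    if (size > (size_t)DEMO_SSIZE_T_MAX)
        return NULL;
    return malloc(size);
}

/* Array allocation: test the bound by division before multiplying, so a
 * wrapped (small) product can never reach demo_malloc(). */
void *demo_alloc_array(size_t nelem, size_t elsize)
{
    if (elsize != 0 && nelem > (size_t)DEMO_SSIZE_T_MAX / elsize)
        return NULL;
    return demo_malloc(nelem * elsize);
}

/* Add two signed lengths without ever evaluating an overflowing a + b,
 * which is undefined behavior for signed types. Returns 0 on success. */
int demo_add_len(ptrdiff_t a, ptrdiff_t b, ptrdiff_t *out)
{
    if (a < 0 || b < 0 || a > DEMO_SSIZE_T_MAX - b)
        return -1;
    *out = a + b;
    return 0;
}

int main(void)
{
    ptrdiff_t total = 0;
    ptrdiff_t negative_len = -1;   /* constructed sample input */
    printf("negative length rejected: %d\n",
           demo_malloc((size_t)negative_len) == NULL);
    printf("wrapping product rejected: %d\n",
           demo_alloc_array(SIZE_MAX / 2 + 1, 2) == NULL);
    printf("overflowing sum rejected: %d\n",
           demo_add_len(PTRDIFF_MAX, 1, &total) == -1);
    return 0;
}
```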