[Python-checkins] python/dist/src/Objects intobject.c,2.92,2.93

gvanrossum@users.sourceforge.net gvanrossum@users.sourceforge.net
Wed, 11 Sep 2002 12:00:55 -0700 

Update of /cvsroot/python/python/dist/src/Objects
In directory usw-pr-cvs1:/tmp/cvs-serv1269

Modified Files:
	intobject.c 
Log Message:
Insert an overflow check when the sequence repetition count is outside
the range of ints.  The old code would pass random truncated bits to
sq_repeat() on a 64-bit machine.

Backport candidate.


Index: intobject.c
===================================================================
RCS file: /cvsroot/python/python/dist/src/Objects/intobject.c,v
retrieving revision 2.92
retrieving revision 2.93
diff -C2 -d -r2.92 -r2.93
*** intobject.c	19 Aug 2002 19:26:42 -0000	2.92
--- intobject.c	11 Sep 2002 19:00:52 -0000	2.93
***************
*** 359,370 ****
  
  	if (USE_SQ_REPEAT(v)) {
  		/* sequence * int */
  		a = PyInt_AsLong(w);
  		return (*v->ob_type->tp_as_sequence->sq_repeat)(v, a);
  	}
  	if (USE_SQ_REPEAT(w)) {
! 		/* int * sequence */
! 		a = PyInt_AsLong(v);
! 		return (*w->ob_type->tp_as_sequence->sq_repeat)(w, a);
  	}
  
--- 359,397 ----
  
  	if (USE_SQ_REPEAT(v)) {
+ 	  repeat:
  		/* sequence * int */
  		a = PyInt_AsLong(w);
+ #if LONG_MAX != INT_MAX
+ 		if (a > INT_MAX) {
+ 			PyErr_SetString(PyExc_ValueError,
+ 					"sequence repeat count too large");
+ 			return NULL;
+ 		}
+ 		else if (a < INT_MIN)
+ 			a = INT_MIN;
+ 		/* XXX Why don't I either
+ 
+ 		   - set a to -1 whenever it's negative (after all,
+ 		     sequence repeat usually treats negative numbers
+ 		     as zero(); or
+ 
+ 		   - raise an exception when it's less than INT_MIN?
+ 
+ 		   I'm thinking about a hypothetical use case where some
+ 		   sequence type might use a negative value as a flag of
+ 		   some kind.  In those cases I don't want to break the
+ 		   code by mapping all negative values to -1.  But I also
+ 		   don't want to break e.g. []*(-sys.maxint), which is
+ 		   perfectly safe, returning [].  As a compromise, I do
+ 		   map out-of-range negative values.
+ 		*/
+ #endif
  		return (*v->ob_type->tp_as_sequence->sq_repeat)(v, a);
  	}
  	if (USE_SQ_REPEAT(w)) {
! 		PyObject *tmp = v;
! 		v = w;
! 		w = tmp;
! 		goto repeat;
  	}