[Python-checkins] r76666 - in python/branches/release26-maint: Objects/intobject.c

mark.dickinson python-checkins at python.org
Fri Dec 4 12:25:30 CET 2009


Author: mark.dickinson
Date: Fri Dec  4 12:25:29 2009
New Revision: 76666

Log:
Merged revisions 76665 via svnmerge from 
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r76665 | mark.dickinson | 2009-12-04 11:24:38 +0000 (Fri, 04 Dec 2009) | 2 lines
  
  Avoid undefined behaviour due to overflow in i_divmod (Objects/intobject.c).
........


Modified:
   python/branches/release26-maint/   (props changed)
   python/branches/release26-maint/Objects/intobject.c

Modified: python/branches/release26-maint/Objects/intobject.c
==============================================================================
--- python/branches/release26-maint/Objects/intobject.c	(original)
+++ python/branches/release26-maint/Objects/intobject.c	Fri Dec  4 12:25:29 2009
@@ -584,7 +584,16 @@
 	if (y == -1 && UNARY_NEG_WOULD_OVERFLOW(x))
 		return DIVMOD_OVERFLOW;
 	xdivy = x / y;
-	xmody = x - xdivy * y;
+	/* xdiv*y can overflow on platforms where x/y gives floor(x/y)
+	 * for x and y with differing signs. (This is unusual
+	 * behaviour, and C99 prohibits it, but it's allowed by C89;
+	 * for an example of overflow, take x = LONG_MIN, y = 5 or x =
+	 * LONG_MAX, y = -5.)  However, x - xdivy*y is always
+	 * representable as a long, since it lies strictly between
+	 * -abs(y) and abs(y).  We add casts to avoid intermediate
+	 * overflow.
+	 */
+	xmody = (long)(x - (unsigned long)xdivy * y);
 	/* If the signs of x and y differ, and the remainder is non-0,
 	 * C89 doesn't define whether xdivy is now the floor or the
 	 * ceiling of the infinitely precise quotient.  We want the floor,


More information about the Python-checkins mailing list