[Python-checkins] bpo-25943: Check for integer overflow in bsddb's DB_join(). (GH-8392)
Serhiy Storchaka
webhook-mailer at python.org
Sun Jul 22 12:53:59 EDT 2018
https://github.com/python/cpython/commit/041a4ee9456d716dd449d38a5328b82e76f5dbc4
commit: 041a4ee9456d716dd449d38a5328b82e76f5dbc4
branch: 2.7
author: Zackery Spytz <zspytz at gmail.com>
committer: Serhiy Storchaka <storchaka at gmail.com>
date: 2018-07-22T19:53:56+03:00
summary:
bpo-25943: Check for integer overflow in bsddb's DB_join(). (GH-8392)
files:
M Modules/_bsddb.c
diff --git a/Modules/_bsddb.c b/Modules/_bsddb.c
index a8867942b1fe..6a1c188cbd96 100644
--- a/Modules/_bsddb.c
+++ b/Modules/_bsddb.c
@@ -2257,7 +2257,7 @@ static PyObject*
DB_join(DBObject* self, PyObject* args)
{
int err, flags=0;
- int length, x;
+ Py_ssize_t length, x;
PyObject* cursorsObj;
DBC** cursors;
DBC* dbc;
@@ -2274,6 +2274,12 @@ DB_join(DBObject* self, PyObject* args)
}
length = PyObject_Length(cursorsObj);
+ if (length == -1) {
+ return NULL;
+ }
+ if (length >= PY_SSIZE_T_MAX / sizeof(DBC*)) {
+ return PyErr_NoMemory();
+ }
cursors = malloc((length+1) * sizeof(DBC*));
if (!cursors) {
PyErr_NoMemory();
More information about the Python-checkins
mailing list