[Python-Dev] can this overflow (list insertion)?
Trent Mick
trentm@ActiveState.com
Sat, 12 Aug 2000 14:51:55 -0700
from Objects/listobject.c:
static int
ins1(PyListObject *self, int where, PyObject *v)
{
int i;
PyObject **items;
if (v == NULL) {
PyErr_BadInternalCall();
return -1;
}
items = self->ob_item;
NRESIZE(items, PyObject *, self->ob_size+1);
if (items == NULL) {
PyErr_NoMemory();
return -1;
}
if (where < 0)
where = 0;
if (where > self->ob_size)
where = self->ob_size;
for (i = self->ob_size; --i >= where; )
items[i+1] = items[i];
Py_INCREF(v);
items[where] = v;
self->ob_item = items;
self->ob_size++; <-------------- can this overflow?
return 0;
}
In the case of sizeof(int) < sizeof(void*), can this overflow. I have a small
patch to text self->ob_size against INT_MAX and I was going to submit it but
I am not so sure that overflow is not checked by some other mechanism for
list insert. Is it or was this relying on sizeof(ob_size) == sizeof(void*),
hence a list being able to hold as many items as there is addressable memory?
scared-to-patch-ly yours,
Trent
proposed patch:
*** python/dist/src/Objects/listobject.c Fri Aug 11 16:25:08 2000
--- Python/dist/src/Objects/listobject.c Fri Aug 11 16:25:36 2000
***************
*** 149,155 ****
Py_INCREF(v);
items[where] = v;
self->ob_item = items;
! self->ob_size++;
return 0;
}
--- 149,159 ----
Py_INCREF(v);
items[where] = v;
self->ob_item = items;
! if (self->ob_size++ == INT_MAX) {
! PyErr_SetString(PyExc_OverflowError,
! "cannot add more objects to list");
! return -1;
! }
return 0;
}
--
Trent Mick
TrentM@ActiveState.com