summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSerhiy Storchaka <storchaka@gmail.com>2015-05-21 17:50:25 (GMT)
committerSerhiy Storchaka <storchaka@gmail.com>2015-05-21 17:50:25 (GMT)
commit4faf5c5655277cec99b2b11f7fe34e73d3ae28b9 (patch)
treeaefe265087e545e5277383bf21d90ced3cdf4022
parentcbfe07e06cb460986b37604bc32dad407cb33f62 (diff)
downloadcpython-4faf5c5655277cec99b2b11f7fe34e73d3ae28b9.zip
cpython-4faf5c5655277cec99b2b11f7fe34e73d3ae28b9.tar.gz
cpython-4faf5c5655277cec99b2b11f7fe34e73d3ae28b9.tar.bz2
Issue #23985: Fixed integer overflow in iterator object. Patch by
Clement Rouault.
Diffstat
-rw-r--r--Lib/test/test_iter.py25
-rw-r--r--Misc/ACKS1
-rw-r--r--Misc/NEWS3
-rw-r--r--Objects/iterobject.c5
4 files changed, 34 insertions, 0 deletions
diff --git a/Lib/test/test_iter.py b/Lib/test/test_iter.py
index e06f239..abc408f 100644
--- a/Lib/test/test_iter.py
+++ b/Lib/test/test_iter.py
@@ -1,5 +1,6 @@
# Test iterators.
+import sys
import unittest
from test.support import run_unittest, TESTFN, unlink, cpython_only
import pickle
@@ -48,6 +49,10 @@ class SequenceClass:
else:
raise IndexError
+class UnlimitedSequenceClass:
+ def __getitem__(self, i):
+ return i
+
# Main test suite
class TestCase(unittest.TestCase):
@@ -919,6 +924,26 @@ class TestCase(unittest.TestCase):
lst.extend(gen())
self.assertEqual(len(lst), 760)
+ @cpython_only
+ def test_iter_overflow(self):
+ # Test for the issue 22939
+ it = iter(UnlimitedSequenceClass())
+ # Manually set `it_index` to PY_SSIZE_T_MAX-2 without a loop
+ it.__setstate__(sys.maxsize - 2)
+ self.assertEqual(next(it), sys.maxsize - 2)
+ self.assertEqual(next(it), sys.maxsize - 1)
+ with self.assertRaises(OverflowError):
+ next(it)
+ # Check that Overflow error is always raised
+ with self.assertRaises(OverflowError):
+ next(it)
+
+ def test_iter_neg_setstate(self):
+ it = iter(UnlimitedSequenceClass())
+ it.__setstate__(-42)
+ self.assertEqual(next(it), 0)
+ self.assertEqual(next(it), 1)
+
def test_main():
run_unittest(TestCase)
diff --git a/Misc/ACKS b/Misc/ACKS
index 7de6de6..b377050 100644
--- a/Misc/ACKS
+++ b/Misc/ACKS
@@ -1168,6 +1168,7 @@ Guido van Rossum
Just van Rossum
Hugo van Rossum
Saskia van Rossum
+Clement Rouault
Donald Wallace Rouse II
Liam Routt
Todd Rovito
diff --git a/Misc/NEWS b/Misc/NEWS
index 94ea12b..edd6aaa 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -10,6 +10,9 @@ Release date: tba
Core and Builtins
-----------------
+- Issue #23985: Fixed integer overflow in iterator object. Patch by
+ Clement Rouault.
+
- Issue #23985: Fix a possible buffer overrun when deleting a slice from
the front of a bytearray and then appending some other bytes data.
diff --git a/Objects/iterobject.c b/Objects/iterobject.c
index 77ff810..3047d6b 100644
--- a/Objects/iterobject.c
+++ b/Objects/iterobject.c
@@ -54,6 +54,11 @@ iter_iternext(PyObject *iterator)
seq = it->it_seq;
if (seq == NULL)
return NULL;
+ if (it->it_index == PY_SSIZE_T_MAX) {
+ PyErr_SetString(PyExc_OverflowError,
+ "iter index too large");
+ return NULL;
+ }
result = PySequence_GetItem(seq, it->it_index);
if (result != NULL) {
generated by cgit v0.12 at 2024-11-26 10:47:15 (GMT)