gh-97616: list_resize() checks for integer overflow (#97617)

Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. Issue reported by Jordan Limor. list_resize() now checks for integer overflow before multiplying the new allocated length by the list item size (sizeof(PyObject*)).
author: Victor Stinner <vstinner@python.org> 2022-09-28 22:07:07 (GMT)
committer: GitHub <noreply@github.com> 2022-09-28 22:07:07 (GMT)
commit: a5f092f3c469b674b8d9ccbd4e4377230c9ac7cf (patch)
tree: 95ce34b8dfa9f92bde8e75260a135e379721d676 /Misc/NEWS.d/next/Security
parent: 81b9d9ddc20837ecd19f41b764e3f33d8ae805d5 (diff)
download: cpython-a5f092f3c469b674b8d9ccbd4e4377230c9ac7cf.zip
cpython-a5f092f3c469b674b8d9ccbd4e4377230c9ac7cf.tar.gz
cpython-a5f092f3c469b674b8d9ccbd4e4377230c9ac7cf.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/Misc/NEWS.d/next/Security/2022-09-28-17-09-37.gh-issue-97616.K1e3Xs.rst b/Misc/NEWS.d/next/Security/2022-09-28-17-09-37.gh-issue-97616.K1e3Xs.rst
new file mode 100644
index 0000000..721427f
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2022-09-28-17-09-37.gh-issue-97616.K1e3Xs.rst
@@ -0,0 +1,3 @@
+Fix multiplying a list by an integer (``list *= int``): detect the integer
+overflow when the new allocated length is close to the maximum size. Issue
+reported by Jordan Limor.  Patch by Victor Stinner.
author	Victor Stinner <vstinner@python.org>	2022-09-28 22:07:07 (GMT)
committer	GitHub <noreply@github.com>	2022-09-28 22:07:07 (GMT)
commit	a5f092f3c469b674b8d9ccbd4e4377230c9ac7cf (patch)
tree	95ce34b8dfa9f92bde8e75260a135e379721d676 /Misc/NEWS.d/next/Security
parent	81b9d9ddc20837ecd19f41b764e3f33d8ae805d5 (diff)
download	cpython-a5f092f3c469b674b8d9ccbd4e4377230c9ac7cf.zip cpython-a5f092f3c469b674b8d9ccbd4e4377230c9ac7cf.tar.gz cpython-a5f092f3c469b674b8d9ccbd4e4377230c9ac7cf.tar.bz2