diff options
| author | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2022-10-04 17:01:10 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-10-04 17:01:10 (GMT) |
| commit | f65f3a9daf8e7d0c6c90a86f0c5bbb10ae9191bc (patch) | |
| tree | dbefb084e19c08a8fe0b2b8fff22f6d88249bbfc /Misc | |
| parent | d6ef6805b2e60a50a83e73bd2f40fc3a03715b32 (diff) | |
| download | cpython-f65f3a9daf8e7d0c6c90a86f0c5bbb10ae9191bc.zip cpython-f65f3a9daf8e7d0c6c90a86f0c5bbb10ae9191bc.tar.gz cpython-f65f3a9daf8e7d0c6c90a86f0c5bbb10ae9191bc.tar.bz2 | |
[3.9] gh-97616: list_resize() checks for integer overflow (GH-97617) (GH-97627)
gh-97616: list_resize() checks for integer overflow (GH-97617)
Fix multiplying a list by an integer (list *= int): detect the
integer overflow when the new allocated length is close to the
maximum size. Issue reported by Jordan Limor.
list_resize() now checks for integer overflow before multiplying the
new allocated length by the list item size (sizeof(PyObject*)).
(cherry picked from commit a5f092f3c469b674b8d9ccbd4e4377230c9ac7cf)
Co-authored-by: Victor Stinner <vstinner@python.org>
Diffstat (limited to 'Misc')
| -rw-r--r-- | Misc/NEWS.d/next/Security/2022-09-28-17-09-37.gh-issue-97616.K1e3Xs.rst | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/Misc/NEWS.d/next/Security/2022-09-28-17-09-37.gh-issue-97616.K1e3Xs.rst b/Misc/NEWS.d/next/Security/2022-09-28-17-09-37.gh-issue-97616.K1e3Xs.rst new file mode 100644 index 0000000..721427f --- /dev/null +++ b/Misc/NEWS.d/next/Security/2022-09-28-17-09-37.gh-issue-97616.K1e3Xs.rst @@ -0,0 +1,3 @@ +Fix multiplying a list by an integer (``list *= int``): detect the integer +overflow when the new allocated length is close to the maximum size. Issue +reported by Jordan Limor. Patch by Victor Stinner. |