Issue #16096: Fix several occurrences of potential signed integer overflow. Thanks Serhiy Storchaka.

author: Mark Dickinson <mdickinson@enthought.com> 2012-10-06 17:04:49 (GMT)
committer: Mark Dickinson <mdickinson@enthought.com> 2012-10-06 17:04:49 (GMT)
commit: c04ddff290fc203d05b75c8569b748525fb76b5b (patch)
tree: 184849e76ebe965016c2737939f9eaa0dfb900ee /Modules/_randommodule.c
parent: a2028733ef072740921017e544d29d191fdb2c9c (diff)
download: cpython-c04ddff290fc203d05b75c8569b748525fb76b5b.zip
cpython-c04ddff290fc203d05b75c8569b748525fb76b5b.tar.gz
cpython-c04ddff290fc203d05b75c8569b748525fb76b5b.tar.bz2
1 files changed, 2 insertions, 1 deletions
diff --git a/Modules/_randommodule.c b/Modules/_randommodule.c
index 421a0d8..6540ab9 100644
--- a/Modules/_randommodule.c
+++ b/Modules/_randommodule.c
@@ -284,7 +284,8 @@ random_seed(RandomObject *self, PyObject *args)
         n = newn;
         if (keyused >= keymax) {
             unsigned long bigger = keymax << 1;
-            if ((bigger >> 1) != keymax) {
+            if ((bigger >> 1) != keymax ||
+                bigger > PY_SSIZE_T_MAX / sizeof(*key)) {
                 PyErr_NoMemory();
                 goto Done;
             }
author	Mark Dickinson <mdickinson@enthought.com>	2012-10-06 17:04:49 (GMT)
committer	Mark Dickinson <mdickinson@enthought.com>	2012-10-06 17:04:49 (GMT)
commit	c04ddff290fc203d05b75c8569b748525fb76b5b (patch)
tree	184849e76ebe965016c2737939f9eaa0dfb900ee /Modules/_randommodule.c
parent	a2028733ef072740921017e544d29d191fdb2c9c (diff)
download	cpython-c04ddff290fc203d05b75c8569b748525fb76b5b.zip cpython-c04ddff290fc203d05b75c8569b748525fb76b5b.tar.gz cpython-c04ddff290fc203d05b75c8569b748525fb76b5b.tar.bz2