summaryrefslogtreecommitdiffstats
path: root/Modules/arraymodule.c
diff options
context:
space:
mode:
authorMark Dickinson <mdickinson@enthought.com>2012-10-06 17:04:49 (GMT)
committerMark Dickinson <mdickinson@enthought.com>2012-10-06 17:04:49 (GMT)
commitc04ddff290fc203d05b75c8569b748525fb76b5b (patch)
tree184849e76ebe965016c2737939f9eaa0dfb900ee /Modules/arraymodule.c
parenta2028733ef072740921017e544d29d191fdb2c9c (diff)
downloadcpython-c04ddff290fc203d05b75c8569b748525fb76b5b.zip
cpython-c04ddff290fc203d05b75c8569b748525fb76b5b.tar.gz
cpython-c04ddff290fc203d05b75c8569b748525fb76b5b.tar.bz2
Issue #16096: Fix several occurrences of potential signed integer overflow. Thanks Serhiy Storchaka.
Diffstat (limited to 'Modules/arraymodule.c')
-rw-r--r--Modules/arraymodule.c12
1 files changed, 8 insertions, 4 deletions
diff --git a/Modules/arraymodule.c b/Modules/arraymodule.c
index 04eb67c..3f5aa8b 100644
--- a/Modules/arraymodule.c
+++ b/Modules/arraymodule.c
@@ -483,11 +483,11 @@ newarrayobject(PyTypeObject *type, Py_ssize_t size, struct arraydescr *descr)
return NULL;
}
- nbytes = size * descr->itemsize;
/* Check for overflow */
- if (nbytes / descr->itemsize != (size_t)size) {
+ if (size > PY_SSIZE_T_MAX / descr->itemsize) {
return PyErr_NoMemory();
}
+ nbytes = size * descr->itemsize;
op = (arrayobject *) type->tp_alloc(type, 0);
if (op == NULL) {
return NULL;
@@ -1251,11 +1251,15 @@ array_fromfile(arrayobject *self, PyObject *args)
if (!PyArg_ParseTuple(args, "On:fromfile", &f, &n))
return NULL;
- nbytes = n * itemsize;
- if (nbytes < 0 || nbytes/itemsize != n) {
+ if (n < 0) {
+ PyErr_SetString(PyExc_ValueError, "negative count");
+ return NULL;
+ }
+ if (n > PY_SSIZE_T_MAX / itemsize) {
PyErr_NoMemory();
return NULL;
}
+ nbytes = n * itemsize;
b = _PyObject_CallMethodId(f, &PyId_read, "n", nbytes);
if (b == NULL)
generated by cgit v0.12 at 2024-11-26 05:08:57 (GMT)