summaryrefslogtreecommitdiffstats
path: root/Modules/itertoolsmodule.c
diff options
context:
space:
mode:
authorBenjamin Peterson <benjamin@python.org>2015-02-02 02:34:07 (GMT)
committerBenjamin Peterson <benjamin@python.org>2015-02-02 02:34:07 (GMT)
commit0eaabf1c05127793753dbb3641d4d107b284ae77 (patch)
tree339d052650eadbf997c68401f6917c2fcc6654bd /Modules/itertoolsmodule.c
parent6f082297b260d3eb4975d6d4305eba6fd26f9ae9 (diff)
downloadcpython-0eaabf1c05127793753dbb3641d4d107b284ae77.zip
cpython-0eaabf1c05127793753dbb3641d4d107b284ae77.tar.gz
cpython-0eaabf1c05127793753dbb3641d4d107b284ae77.tar.bz2
check for overflows in permutations() and product() (closes #23363, closes #23364)
Diffstat (limited to 'Modules/itertoolsmodule.c')
-rw-r--r--Modules/itertoolsmodule.c18
1 files changed, 16 insertions, 2 deletions
diff --git a/Modules/itertoolsmodule.c b/Modules/itertoolsmodule.c
index 1075d95..f367423 100644
--- a/Modules/itertoolsmodule.c
+++ b/Modules/itertoolsmodule.c
@@ -1998,8 +1998,17 @@ product_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
}
}
- assert(PyTuple_Check(args));
- nargs = (repeat == 0) ? 0 : PyTuple_GET_SIZE(args);
+ assert(PyTuple_CheckExact(args));
+ if (repeat == 0) {
+ nargs = 0;
+ } else {
+ nargs = PyTuple_GET_SIZE(args);
+ if (repeat > PY_SSIZE_T_MAX/sizeof(Py_ssize_t) ||
+ nargs > PY_SSIZE_T_MAX/(repeat * sizeof(Py_ssize_t))) {
+ PyErr_SetString(PyExc_OverflowError, "repeat argument too large");
+ return NULL;
+ }
+ }
npools = nargs * repeat;
indices = PyMem_Malloc(npools * sizeof(Py_ssize_t));
@@ -2992,6 +3001,11 @@ permutations_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
goto error;
}
+ if (n > PY_SSIZE_T_MAX/sizeof(Py_ssize_t) ||
+ r > PY_SSIZE_T_MAX/sizeof(Py_ssize_t)) {
+ PyErr_SetString(PyExc_OverflowError, "parameters too large");
+ goto error;
+ }
indices = PyMem_Malloc(n * sizeof(Py_ssize_t));
cycles = PyMem_Malloc(r * sizeof(Py_ssize_t));
if (indices == NULL || cycles == NULL) {
generated by cgit v0.12 at 2024-11-16 04:46:00 (GMT)