Closes release blocker #3627.

Merged revisions 65335 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk TESTED=./python -E -tt ./Lib/test/regrtest.py -uall (both debug and opt) ........ r65335 | neal.norwitz | 2008-07-31 10:17:14 -0700 (Thu, 31 Jul 2008) | 1 line Security patches from Apple: prevent int overflow when allocating memory ........
author: Neal Norwitz <nnorwitz@gmail.com> 2008-08-24 07:08:55 (GMT)
committer: Neal Norwitz <nnorwitz@gmail.com> 2008-08-24 07:08:55 (GMT)
commit: 3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f (patch)
tree: c29add3a6b61f321009d73a91464f45b5d10862a /Objects/bytearrayobject.c
parent: 06db799a53cba0396908d291bbe4bcc6c1c50daa (diff)
download: cpython-3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f.zip
cpython-3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f.tar.gz
cpython-3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f.tar.bz2
1 files changed, 5 insertions, 0 deletions
diff --git a/Objects/bytearrayobject.c b/Objects/bytearrayobject.c
index da11249..201d294 100644
--- a/Objects/bytearrayobject.c
+++ b/Objects/bytearrayobject.c
@@ -121,6 +121,11 @@ PyByteArray_FromStringAndSize(const char *bytes, Py_ssize_t size)
         return NULL;
     }
 
+    /* Prevent buffer overflow when setting alloc to size+1. */
+    if (size == PY_SSIZE_T_MAX) {
+        return PyErr_NoMemory();
+    }
+
     new = PyObject_New(PyByteArrayObject, &PyByteArray_Type);
     if (new == NULL)
         return NULL;
author	Neal Norwitz <nnorwitz@gmail.com>	2008-08-24 07:08:55 (GMT)
committer	Neal Norwitz <nnorwitz@gmail.com>	2008-08-24 07:08:55 (GMT)
commit	3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f (patch)
tree	c29add3a6b61f321009d73a91464f45b5d10862a /Objects/bytearrayobject.c
parent	06db799a53cba0396908d291bbe4bcc6c1c50daa (diff)
download	cpython-3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f.zip cpython-3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f.tar.gz cpython-3ce5d9207e66d61d4b0502cf47ed2d2bcdd2212f.tar.bz2