diff options
| author | Antoine Pitrou <solipsis@pitrou.net> | 2014-11-02 17:40:09 (GMT) |
|---|---|---|
| committer | Antoine Pitrou <solipsis@pitrou.net> | 2014-11-02 17:40:09 (GMT) |
| commit | cc23154d020723dc85d055324861f6a8f54fe0f7 (patch) | |
| tree | 4443bd4e56e69d5040a3d1df710cebb03447e0b0 /Objects/obmalloc.c | |
| parent | 64f10d4f5e01ab119baa4d0a10403cec444810ce (diff) | |
| download | cpython-cc23154d020723dc85d055324861f6a8f54fe0f7.zip cpython-cc23154d020723dc85d055324861f6a8f54fe0f7.tar.gz cpython-cc23154d020723dc85d055324861f6a8f54fe0f7.tar.bz2 | |
Issue #22335: Fix crash when trying to enlarge a bytearray to 0x7fffffff bytes on a 32-bit platform.
Diffstat (limited to 'Objects/obmalloc.c')
| -rw-r--r-- | Objects/obmalloc.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/Objects/obmalloc.c b/Objects/obmalloc.c index 004cfaa..3c33255 100644 --- a/Objects/obmalloc.c +++ b/Objects/obmalloc.c @@ -1754,8 +1754,8 @@ _PyMem_DebugMalloc(void *ctx, size_t nbytes) bumpserialno(); total = nbytes + 4*SST; - if (total < nbytes) - /* overflow: can't represent total as a size_t */ + if (nbytes > PY_SSIZE_T_MAX - 4*SST) + /* overflow: can't represent total as a Py_ssize_t */ return NULL; p = (uchar *)api->alloc.malloc(api->alloc.ctx, total); @@ -1817,8 +1817,8 @@ _PyMem_DebugRealloc(void *ctx, void *p, size_t nbytes) bumpserialno(); original_nbytes = read_size_t(q - 2*SST); total = nbytes + 4*SST; - if (total < nbytes) - /* overflow: can't represent total as a size_t */ + if (nbytes > PY_SSIZE_T_MAX - 4*SST) + /* overflow: can't represent total as a Py_ssize_t */ return NULL; /* Resize and add decorations. We may get a new pointer here, in which |