summaryrefslogtreecommitdiffstats
path: root/Objects
diff options
context:
space:
mode:
Diffstat (limited to 'Objects')
-rw-r--r--Objects/obmalloc.c18
1 files changed, 18 insertions, 0 deletions
diff --git a/Objects/obmalloc.c b/Objects/obmalloc.c
index efbd566..da8f9c2 100644
--- a/Objects/obmalloc.c
+++ b/Objects/obmalloc.c
@@ -727,6 +727,15 @@ PyObject_Malloc(size_t nbytes)
uint size;
/*
+ * Limit ourselves to PY_SSIZE_T_MAX bytes to prevent security holes.
+ * Most python internals blindly use a signed Py_ssize_t to track
+ * things without checking for overflows or negatives.
+ * As size_t is unsigned, checking for nbytes < 0 is not required.
+ */
+ if (nbytes > PY_SSIZE_T_MAX)
+ return NULL;
+
+ /*
* This implicitly redirects malloc(0).
*/
if ((nbytes - 1) < SMALL_REQUEST_THRESHOLD) {
@@ -1130,6 +1139,15 @@ PyObject_Realloc(void *p, size_t nbytes)
if (p == NULL)
return PyObject_Malloc(nbytes);
+ /*
+ * Limit ourselves to PY_SSIZE_T_MAX bytes to prevent security holes.
+ * Most python internals blindly use a signed Py_ssize_t to track
+ * things without checking for overflows or negatives.
+ * As size_t is unsigned, checking for nbytes < 0 is not required.
+ */
+ if (nbytes > PY_SSIZE_T_MAX)
+ return NULL;
+
pool = POOL_ADDR(p);
if (Py_ADDRESS_IN_RANGE(p, pool)) {
/* We're in charge of this block */
generated by cgit v0.12 at 2025-03-04 11:58:59 (GMT)