From c00eb73a309d5e9a4e89c3114b32eda88bd83e98 Mon Sep 17 00:00:00 2001
From: "Gregory P. Smith" <greg@mad-scientist.com>
Date: Wed, 9 Apr 2008 23:16:37 +0000
Subject: Raise SystemError when size < 0 is passed into
 PyString_FromStringAndSize, PyBytes_FromStringAndSize or
 PyUnicode_FromStringAndSize.  [issue2587]

---
 Objects/bytesobject.c   | 5 +++++
 Objects/stringobject.c  | 5 +++++
 Objects/unicodeobject.c | 8 ++++++++
 3 files changed, 18 insertions(+)

diff --git a/Objects/bytesobject.c b/Objects/bytesobject.c
index 23de37e..af7a1b1 100644
--- a/Objects/bytesobject.c
+++ b/Objects/bytesobject.c
@@ -161,6 +161,11 @@ PyBytes_FromStringAndSize(const char *bytes, Py_ssize_t size)
     Py_ssize_t alloc;
 
     assert(size >= 0);
+    if (size < 0) {
+        PyErr_SetString(PyExc_SystemError,
+            "Negative size passed to PyBytes_FromStringAndSize");
+        return NULL;
+    }
 
     new = PyObject_New(PyBytesObject, &PyBytes_Type);
     if (new == NULL)
diff --git a/Objects/stringobject.c b/Objects/stringobject.c
index 4c36e4b..f4b4264 100644
--- a/Objects/stringobject.c
+++ b/Objects/stringobject.c
@@ -56,6 +56,11 @@ PyString_FromStringAndSize(const char *str, Py_ssize_t size)
 {
 	register PyStringObject *op;
 	assert(size >= 0);
+	if (size < 0) {
+		PyErr_SetString(PyExc_SystemError,
+		    "Negative size passed to PyString_FromStringAndSize");
+		return NULL;
+	}
 	if (size == 0 && (op = nullstring) != NULL) {
 #ifdef COUNT_ALLOCS
 		null_strings++;
diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
index 75ad9f0..4337972 100644
--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c
@@ -465,6 +465,14 @@ PyObject *PyUnicode_FromUnicode(const Py_UNICODE *u,
 PyObject *PyUnicode_FromStringAndSize(const char *u, Py_ssize_t size)
 {
     PyUnicodeObject *unicode;
+
+	assert(size <= 0);
+	if (size < 0) {
+		PyErr_SetString(PyExc_SystemError,
+		    "Negative size passed to PyUnicode_FromStringAndSize");
+		return NULL;
+	}
+
     /* If the Unicode data is known at construction time, we can apply
        some optimizations which share commonly used objects.
        Also, this means the input must be UTF-8, so fall back to the
-- 
cgit v0.12