From 208b0fb645c0e14b0826c0014e74a0b70c58c9d6 Mon Sep 17 00:00:00 2001
From: Peter Bierma <zintensitydev@gmail.com>
Date: Thu, 5 Dec 2024 11:07:38 -0500
Subject: gh-122431: Disallow negative values in `readline.append_history_file`
 (#122469)

Co-authored-by: Victor Stinner <vstinner@python.org>
---
 Lib/test/test_readline.py                                         | 8 ++++++++
 .../next/Library/2024-07-30-11-37-40.gh-issue-122431.lAzVtu.rst   | 1 +
 Modules/readline.c                                                | 6 ++++++
 3 files changed, 15 insertions(+)
 create mode 100644 Misc/NEWS.d/next/Library/2024-07-30-11-37-40.gh-issue-122431.lAzVtu.rst

diff --git a/Lib/test/test_readline.py b/Lib/test/test_readline.py
index 50e77cb..8b8772c 100644
--- a/Lib/test/test_readline.py
+++ b/Lib/test/test_readline.py
@@ -114,6 +114,14 @@ class TestHistoryManipulation (unittest.TestCase):
         # write_history_file can create the target
         readline.write_history_file(hfilename)
 
+        # Negative values should be disallowed
+        with self.assertRaises(ValueError):
+            readline.append_history_file(-42, hfilename)
+
+        # See gh-122431, using the minimum signed integer value caused a segfault
+        with self.assertRaises(ValueError):
+            readline.append_history_file(-2147483648, hfilename)
+
     def test_nonascii_history(self):
         readline.clear_history()
         try:
diff --git a/Misc/NEWS.d/next/Library/2024-07-30-11-37-40.gh-issue-122431.lAzVtu.rst b/Misc/NEWS.d/next/Library/2024-07-30-11-37-40.gh-issue-122431.lAzVtu.rst
new file mode 100644
index 0000000..16ad757
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2024-07-30-11-37-40.gh-issue-122431.lAzVtu.rst
@@ -0,0 +1 @@
+:func:`readline.append_history_file` now raises a :exc:`ValueError` when given a negative value.
diff --git a/Modules/readline.c b/Modules/readline.c
index 35655c7..7d1f703 100644
--- a/Modules/readline.c
+++ b/Modules/readline.c
@@ -351,6 +351,12 @@ readline_append_history_file_impl(PyObject *module, int nelements,
                                   PyObject *filename_obj)
 /*[clinic end generated code: output=5df06fc9da56e4e4 input=784b774db3a4b7c5]*/
 {
+    if (nelements < 0)
+    {
+        PyErr_SetString(PyExc_ValueError, "nelements must be positive");
+        return NULL;
+    }
+
     PyObject *filename_bytes;
     const char *filename;
     int err;
-- 
cgit v0.12