From 6f082297b260d3eb4975d6d4305eba6fd26f9ae9 Mon Sep 17 00:00:00 2001 From: Benjamin Peterson Date: Sun, 1 Feb 2015 21:10:47 -0500 Subject: check for overflow in combinations_with_replacement (closes #23365) --- Lib/test/test_itertools.py | 6 +++++- Misc/NEWS | 3 +++ Modules/itertoolsmodule.c | 4 ++++ 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/Lib/test/test_itertools.py b/Lib/test/test_itertools.py index 2475443..355c690 100644 --- a/Lib/test/test_itertools.py +++ b/Lib/test/test_itertools.py @@ -344,8 +344,12 @@ class TestBasicOps(unittest.TestCase): self.pickletest(cwr(values,r)) # test pickling - # Test implementation detail: tuple re-use + @support.bigaddrspacetest + def test_combinations_with_replacement_overflow(self): + with self.assertRaises(OverflowError): + combinations_with_replacement("AA", 2**30) + # Test implementation detail: tuple re-use @support.impl_detail("tuple reuse is specific to CPython") def test_combinations_with_replacement_tuple_reuse(self): cwr = combinations_with_replacement diff --git a/Misc/NEWS b/Misc/NEWS index 296c38a..c9399be 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -21,6 +21,9 @@ Library - Issue #23366: Fixed possible integer overflow in itertools.combinations. +- Issue #23365: Fixed possible integer overflow in + itertools.combinations_with_replacement. + What's New in Python 3.3.6? =========================== diff --git a/Modules/itertoolsmodule.c b/Modules/itertoolsmodule.c index 5805143..1075d95 100644 --- a/Modules/itertoolsmodule.c +++ b/Modules/itertoolsmodule.c @@ -2659,6 +2659,10 @@ cwr_new(PyTypeObject *type, PyObject *args, PyObject *kwds) goto error; } + if (r > PY_SSIZE_T_MAX/sizeof(Py_ssize_t)) { + PyErr_SetString(PyExc_OverflowError, "r is too big"); + goto error; + } indices = PyMem_Malloc(r * sizeof(Py_ssize_t)); if (indices == NULL) { PyErr_NoMemory(); -- cgit v0.12