From b2f6bc72a269a0c4ed389ad232b47e2a42b8dde0 Mon Sep 17 00:00:00 2001
From: Mark Dickinson <mdickinson@enthought.com>
Date: Sat, 24 Sep 2011 08:56:09 +0100
Subject: Issue #12973: Fix itertools bug caused by signed integer overflow. 
 Thanks Stefan Krah.

---
 Misc/NEWS                 | 6 +++---
 Modules/itertoolsmodule.c | 4 +++-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/Misc/NEWS b/Misc/NEWS
index fd98d02..1b03736 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -17,9 +17,9 @@ Core and Builtins
 - Issue #13021: Missing decref on an error path.  Thanks to Suman Saha for
   finding the bug and providing a patch.
 
-- Issue #12973: Fix overflow check that relied on undefined behaviour in
-  list_repeat.  This bug caused test_list to fail with recent versions
-  of Clang.
+- Issue #12973: Fix overflow checks that relied on undefined behaviour in
+  list_repeat (listobject.c) and islice_next (itertoolsmodule.c).  These bugs
+  caused test failures with recent versions of Clang.
 
 - Issue #12802: the Windows error ERROR_DIRECTORY (numbered 267) is now
   mapped to POSIX errno ENOTDIR (previously EINVAL).
diff --git a/Modules/itertoolsmodule.c b/Modules/itertoolsmodule.c
index 71d5bb6..8b6fa85 100644
--- a/Modules/itertoolsmodule.c
+++ b/Modules/itertoolsmodule.c
@@ -1234,7 +1234,9 @@ islice_next(isliceobject *lz)
         return NULL;
     lz->cnt++;
     oldnext = lz->next;
-    lz->next += lz->step;
+    /* The (size_t) cast below avoids the danger of undefined
+       behaviour from signed integer overflow. */
+    lz->next += (size_t)lz->step;
     if (lz->next < oldnext || (stop != -1 && lz->next > stop))
         lz->next = stop;
     return item;
-- 
cgit v0.12