From 6df863c93ad7e14fc163d4baae2762274511da48 Mon Sep 17 00:00:00 2001
From: Mark Dickinson <dickinsm@gmail.com>
Date: Wed, 2 Dec 2009 17:36:34 +0000
Subject: Merged revisions 76629 via svnmerge from
 svn+ssh://pythondev@svn.python.org/python/trunk

........
  r76629 | mark.dickinson | 2009-12-02 17:33:41 +0000 (Wed, 02 Dec 2009) | 3 lines

  Issue #7406:  Fix some occurrences of potential signed overflow in int
  arithmetic.
........
---
 Objects/intobject.c | 9 ++++++---
 Python/ceval.c      | 8 ++++++--
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/Objects/intobject.c b/Objects/intobject.c
index e73c921..ebe029e 100644
--- a/Objects/intobject.c
+++ b/Objects/intobject.c
@@ -465,7 +465,8 @@ int_add(PyIntObject *v, PyIntObject *w)
 	register long a, b, x;
 	CONVERT_TO_LONG(v, a);
 	CONVERT_TO_LONG(w, b);
-	x = a + b;
+	/* casts in the line below avoid undefined behaviour on overflow */
+	x = (long)((unsigned long)a + b);
 	if ((x^a) >= 0 || (x^b) >= 0)
 		return PyInt_FromLong(x);
 	return PyLong_Type.tp_as_number->nb_add((PyObject *)v, (PyObject *)w);
@@ -477,7 +478,8 @@ int_sub(PyIntObject *v, PyIntObject *w)
 	register long a, b, x;
 	CONVERT_TO_LONG(v, a);
 	CONVERT_TO_LONG(w, b);
-	x = a - b;
+	/* casts in the line below avoid undefined behaviour on overflow */
+	x = (long)((unsigned long)a - b);
 	if ((x^a) >= 0 || (x^~b) >= 0)
 		return PyInt_FromLong(x);
 	return PyLong_Type.tp_as_number->nb_subtract((PyObject *)v,
@@ -520,7 +522,8 @@ int_mul(PyObject *v, PyObject *w)
 
 	CONVERT_TO_LONG(v, a);
 	CONVERT_TO_LONG(w, b);
-	longprod = a * b;
+	/* casts in the next line avoid undefined behaviour on overflow */
+	longprod = (long)((unsigned long)a * b);
 	doubleprod = (double)a * (double)b;
 	doubled_longprod = (double)longprod;
 
diff --git a/Python/ceval.c b/Python/ceval.c
index abe157e..6c71c27 100644
--- a/Python/ceval.c
+++ b/Python/ceval.c
@@ -1191,7 +1191,9 @@ PyEval_EvalFrameEx(PyFrameObject *f, int throwflag)
 				register long a, b, i;
 				a = PyInt_AS_LONG(v);
 				b = PyInt_AS_LONG(w);
-				i = a + b;
+				/* cast to avoid undefined behaviour
+				   on overflow */
+				i = (long)((unsigned long)a + b);
 				if ((i^a) < 0 && (i^b) < 0)
 					goto slow_add;
 				x = PyInt_FromLong(i);
@@ -1221,7 +1223,9 @@ PyEval_EvalFrameEx(PyFrameObject *f, int throwflag)
 				register long a, b, i;
 				a = PyInt_AS_LONG(v);
 				b = PyInt_AS_LONG(w);
-				i = a - b;
+				/* cast to avoid undefined behaviour
+				   on overflow */
+				i = (long)((unsigned long)a - b);
 				if ((i^a) < 0 && (i^~b) < 0)
 					goto slow_sub;
 				x = PyInt_FromLong(i);
-- 
cgit v0.12