From c0420fd42ade6d996bfe2ae2beffa3de79524883 Mon Sep 17 00:00:00 2001
From: Mark Dickinson <mdickinson@enthought.com>
Date: Mon, 19 Sep 2011 19:18:37 +0100
Subject: Issue #12973: Fix undefined-behaviour-inducing overflow check in
 list_repeat.

---
 Misc/NEWS            | 4 ++++
 Objects/listobject.c | 6 +++---
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/Misc/NEWS b/Misc/NEWS
index bfe5369..bc52aa8 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -10,6 +10,10 @@ What's New in Python 3.2.3?
 Core and Builtins
 -----------------
 
+- Issue #12973: Fix overflow check that relied on undefined behaviour in
+  list_repeat.  This bug caused test_list to fail with recent versions
+  of Clang.
+
 - Issue #12802: the Windows error ERROR_DIRECTORY (numbered 267) is now
   mapped to POSIX errno ENOTDIR (previously EINVAL).
 
diff --git a/Objects/listobject.c b/Objects/listobject.c
index 73624f0..36f8b9d 100644
--- a/Objects/listobject.c
+++ b/Objects/listobject.c
@@ -58,7 +58,7 @@ list_resize(PyListObject *self, Py_ssize_t newsize)
     if (newsize == 0)
         new_allocated = 0;
     items = self->ob_item;
-    if (new_allocated <= ((~(size_t)0) / sizeof(PyObject *)))
+    if (new_allocated <= (PY_SIZE_MAX / sizeof(PyObject *)))
         PyMem_RESIZE(items, PyObject *, new_allocated);
     else
         items = NULL;
@@ -510,9 +510,9 @@ list_repeat(PyListObject *a, Py_ssize_t n)
     PyObject *elem;
     if (n < 0)
         n = 0;
-    size = Py_SIZE(a) * n;
-    if (n && size/n != Py_SIZE(a))
+    if (n > 0 && Py_SIZE(a) > PY_SSIZE_T_MAX / n)
         return PyErr_NoMemory();
+    size = Py_SIZE(a) * n;
     if (size == 0)
         return PyList_New(0);
     np = (PyListObject *) PyList_New(size);
-- 
cgit v0.12