From 021dec1c96801401d07c8b84cb51115de641bce9 Mon Sep 17 00:00:00 2001
From: Benjamin Peterson
Date: Sun, 1 Feb 2015 20:59:00 -0500
Subject: detect overflow in combinations (closes #23366)
---
 Lib/test/test_itertools.py | 5 +++++
 Misc/NEWS | 2 ++
 Modules/itertoolsmodule.c | 4 ++++
 3 files changed, 11 insertions(+)
diff --git a/Lib/test/test_itertools.py b/Lib/test/test_itertools.py
index e5225f2..cbb1b92 100644
--- a/Lib/test/test_itertools.py
+++ b/Lib/test/test_itertools.py
@@ -137,6 +137,11 @@ class TestBasicOps(unittest.TestCase):
 self.assertEqual(result, list(combinations2(values, r))) # matches second pure python version
 self.assertEqual(result, list(combinations3(values, r))) # matches second pure python version
+ @test_support.bigaddrspacetest
+ def test_combinations_overflow(self):
+ with self.assertRaises(OverflowError):
+ combinations("AA", 2**29)
+
 @test_support.impl_detail("tuple reuse is specific to CPython")
 def test_combinations_tuple_reuse(self):
 self.assertEqual(len(set(map(id, combinations('abcde', 3)))), 1)
diff --git a/Misc/NEWS b/Misc/NEWS
index b4a52d2..87a1d9f 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -18,6 +18,8 @@ Core and Builtins
 Library
 -------
+- Issue #23366: Fixed possible integer overflow in itertools.combinations.
+
 - Issue #23191: fnmatch functions that use caching are now threadsafe.
 - Issue #18518: timeit now rejects statements which can't be compiled outside
diff --git a/Modules/itertoolsmodule.c b/Modules/itertoolsmodule.c
index cd45eb9..4eab79c 100644
--- a/Modules/itertoolsmodule.c
+++ b/Modules/itertoolsmodule.c
@@ -2093,6 +2093,10 @@ combinations_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
 goto error;
 }
+ if (r > PY_SSIZE_T_MAX/sizeof(Py_ssize_t)) {
+ PyErr_SetString(PyExc_OverflowError, "r is too big");
+ goto error;
+ }
 indices = PyMem_Malloc(r * sizeof(Py_ssize_t));
 if (indices == NULL) {
 PyErr_NoMemory();
--
cgit v0.12
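Review bot: `combinations("AA", 2**29)` in test_combinations_overflow only crosses the new limit where Py_ssize_t is 4 bytes: there 2**29 * 4 exceeds PY_SSIZE_T_MAX, but with an 8-byte Py_ssize_t the product is 2**32 and the guard added in combinations_new is not reached, so OverflowError would not come from it. The `@test_support.bigaddrspacetest` decorator presumably keeps the test from running in that configuration, which would leave the fix unverified on most 64-bit runs. A platform-independent value such as `combinations("AA", sys.maxsize)` exceeds `PY_SSIZE_T_MAX/sizeof(Py_ssize_t)` on every build and is rejected before the indices allocation, so the decorator would no longer be needed (assuming `sys` is imported in this module, which the hunk does not show).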
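Review bot: The guard added before `PyMem_Malloc` in combinations_new compares the signed `r` with `PY_SSIZE_T_MAX/sizeof(Py_ssize_t)`, an unsigned size_t expression, so `r` is implicitly converted and the test is only sound if a negative `r` has already been rejected; the `goto error; }` context above hints at such a check, but it lies outside the hunk, as does the rest of the function. Spelling the conversion out as `if ((size_t)r > PY_SSIZE_T_MAX/sizeof(Py_ssize_t)) {` keeps the behaviour and avoids a sign-compare warning. A short comment, for example `/* r * sizeof(Py_ssize_t) must not wrap, or indices is allocated too small for r entries */`, would record why the check has to precede the allocation. Any other allocation in this file sized as count times element size from a caller-supplied value deserves the same guard.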