diff options
author | Zackery Spytz <zspytz@gmail.com> | 2019-05-17 01:13:03 -0600 |
---|---|---|
committer | Serhiy Storchaka <storchaka@gmail.com> | 2019-05-17 10:13:03 +0300 |
commit | 14514d9084a40f599c57da853a305aa264562a43 (patch) | |
tree | 36cb61b74dbfda9ce1cdf72a864b640d0bda546d /Modules/_ctypes | |
parent | 870b035bc6da96689b59dd6f79782ec6f1873617 (diff) | |
download | cpython-git-14514d9084a40f599c57da853a305aa264562a43.tar.gz |
bpo-36946: Fix possible signed integer overflow when handling slices. (GH-13375)
The final addition (cur += step) may overflow, so use size_t for "cur".
"cur" is always positive (even for negative steps), so it is safe to use
size_t here.
Co-Authored-By: Martin Panter <vadmium+py@gmail.com>
Diffstat (limited to 'Modules/_ctypes')
-rw-r--r-- | Modules/_ctypes/_ctypes.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/Modules/_ctypes/_ctypes.c b/Modules/_ctypes/_ctypes.c index 13cf76a16d..7b5115359e 100644 --- a/Modules/_ctypes/_ctypes.c +++ b/Modules/_ctypes/_ctypes.c @@ -4487,7 +4487,8 @@ Array_subscript(PyObject *myself, PyObject *item) StgDictObject *stgdict, *itemdict; PyObject *proto; PyObject *np; - Py_ssize_t start, stop, step, slicelen, cur, i; + Py_ssize_t start, stop, step, slicelen, i; + size_t cur; if (PySlice_Unpack(item, &start, &stop, &step) < 0) { return NULL; @@ -4627,7 +4628,8 @@ Array_ass_subscript(PyObject *myself, PyObject *item, PyObject *value) return Array_ass_item(myself, i, value); } else if (PySlice_Check(item)) { - Py_ssize_t start, stop, step, slicelen, otherlen, i, cur; + Py_ssize_t start, stop, step, slicelen, otherlen, i; + size_t cur; if (PySlice_Unpack(item, &start, &stop, &step) < 0) { return -1; |