From 14514d9084a40f599c57da853a305aa264562a43 Mon Sep 17 00:00:00 2001
From: Zackery Spytz <zspytz@gmail.com>
Date: Fri, 17 May 2019 01:13:03 -0600
Subject: bpo-36946: Fix possible signed integer overflow when handling slices.
 (GH-13375)

The final addition (cur += step) may overflow, so use size_t for "cur".
"cur" is always positive (even for negative steps), so it is safe to use
size_t here.

Co-Authored-By: Martin Panter <vadmium+py@gmail.com>
---
 Objects/bytearrayobject.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'Objects/bytearrayobject.c')

diff --git a/Objects/bytearrayobject.c b/Objects/bytearrayobject.c
index eaf5dceb03..8d5ba54012 100644
--- a/Objects/bytearrayobject.c
+++ b/Objects/bytearrayobject.c
@@ -410,7 +410,8 @@ bytearray_subscript(PyByteArrayObject *self, PyObject *index)
         return PyLong_FromLong((unsigned char)(PyByteArray_AS_STRING(self)[i]));
     }
     else if (PySlice_Check(index)) {
-        Py_ssize_t start, stop, step, slicelength, cur, i;
+        Py_ssize_t start, stop, step, slicelength, i;
+        size_t cur;
         if (PySlice_Unpack(index, &start, &stop, &step) < 0) {
             return NULL;
         }
-- 
cgit v1.2.1