[Python-Dev] can this overflow (list insertion)? (original) (raw)

Trent Mick trentm@ActiveState.com
Sat, 12 Aug 2000 14:51:55 -0700

from Objects/listobject.c:

static int ins1(PyListObject *self, int where, PyObject *v) { int i; PyObject **items; if (v == NULL) { PyErr_BadInternalCall(); return -1; } items = self->ob_item; NRESIZE(items, PyObject *, self->ob_size+1); if (items == NULL) { PyErr_NoMemory(); return -1; } if (where < 0) where = 0; if (where > self->ob_size) where = self->ob_size; for (i = self->ob_size; --i >= where; ) items[i+1] = items[i]; Py_INCREF(v); items[where] = v; self->ob_item = items; self->ob_size++; <-------------- can this overflow? return 0; }

In the case of sizeof(int) < sizeof(void*), can this overflow. I have a small patch to text self->ob_size against INT_MAX and I was going to submit it but I am not so sure that overflow is not checked by some other mechanism for list insert. Is it or was this relying on sizeof(ob_size) == sizeof(void*), hence a list being able to hold as many items as there is addressable memory?

scared-to-patch-ly yours, Trent

proposed patch:

*** python/dist/src/Objects/listobject.c Fri Aug 11 16:25:08 2000 --- Python/dist/src/Objects/listobject.c Fri Aug 11 16:25:36 2000

*** 149,155 **** Py_INCREF(v); items[where] = v; self->ob_item = items; ! self->ob_size++; return 0; }

--- 149,159 ---- Py_INCREF(v); items[where] = v; self->ob_item = items; ! if (self->ob_size++ == INT_MAX) { ! PyErr_SetString(PyExc_OverflowError, ! "cannot add more objects to list"); ! return -1; ! } return 0; }

-- Trent Mick TrentM@ActiveState.com