bpo-36504: Fix signed integer overflow in _ctypes.c's PyCArrayType_ne… · python/cpython@9c08eeb (original) (raw)
File tree
3 files changed
lines changed
- Misc/NEWS.d/next/Core and Builtins
3 files changed
lines changed
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -183,6 +183,12 @@ class T(Array): | ||
| 183 | 183 | _type_ = c_int |
| 184 | 184 | _length_ = 1.87 |
| 185 | 185 | |
| 186 | +def test_bpo36504_signed_int_overflow(self): | |
| 187 | +# The overflow check in PyCArrayType_new() could cause signed integer | |
| 188 | +# overflow. | |
| 189 | +with self.assertRaises(OverflowError): | |
| 190 | +c_char * sys.maxsize * 2 | |
| 191 | + | |
| 186 | 192 | @unittest.skipUnless(sys.maxsize > 2**32, 'requires 64bit platform') |
| 187 | 193 | @bigmemtest(size=_2G, memuse=1, dry_run=False) |
| 188 | 194 | def test_large_array(self, size): |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| 1 | +Fix signed integer overflow in _ctypes.c's ``PyCArrayType_new()``. |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1466,7 +1466,7 @@ PyCArrayType_new(PyTypeObject *type, PyObject *args, PyObject *kwds) | ||
| 1466 | 1466 | } |
| 1467 | 1467 | |
| 1468 | 1468 | itemsize = itemdict->size; |
| 1469 | -if (length * itemsize < 0) { | |
| 1469 | +if (length > PY_SSIZE_T_MAX / itemsize) { | |
| 1470 | 1470 | PyErr_SetString(PyExc_OverflowError, |
| 1471 | 1471 | "array too large"); |
| 1472 | 1472 | goto error; |