Alexander Belopolsky <[EMAIL PROTECTED]> added the comment:

The following simple change should be enough for this issue, but I would 
consider implementing the overflow check in the PyMem_RESIZE and PyMem_NEW 
macros and de-deprecate their use.

===================================================================
--- Objects/unicodeobject.c     (revision 62237)
+++ Objects/unicodeobject.c     (working copy)
@@ -261,8 +261,8 @@
        it contains). */
 
     oldstr = unicode->str;
-    unicode->str = PyObject_REALLOC(unicode->str,
-                                   sizeof(Py_UNICODE) * (length + 1));
+    unicode->str = SIZE_MAX/sizeof(Py_UNICODE) - 1 < length ? NULL :
+        PyObject_REALLOC(unicode->str, sizeof(Py_UNICODE) * (length + 
1));
     if (!unicode->str) {
        unicode->str = (Py_UNICODE *)oldstr;
         PyErr_NoMemory();
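Review bot: the overflow guard on the added `unicode->str = SIZE_MAX/sizeof(Py_UNICODE) - 1 < length ? NULL :` line is folded into the assignment as a ternary, which makes a security check easy to miss when auditing. A separate `if` ahead of the PyObject_REALLOC call, with a short comment saying it keeps `sizeof(Py_UNICODE) * (length + 1)` from wrapping, would read more clearly. The declaration of length is outside the hunk; if it is a signed type, the comparison against the unsigned SIZE_MAX expression depends on implicit conversion, so an explicit cast would state the intent. Reusing the existing failure path (restore oldstr, then PyErr_NoMemory()) for the rejected case looks right.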

__________________________________
Tracker <[EMAIL PROTECTED]>
<http://bugs.python.org/issue2620>
__________________________________
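The wraparound that the patch above guards against, shown as an added example that is not part of the original message or of CPython's source. The names `unit_t`, `unchecked_bytes`, `length_fits` and `resize_units` are hypothetical, and `unit_t` assumes a 4-byte stand-in for Py_UNICODE.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for Py_UNICODE (assumption: a 4-byte code unit). */
typedef uint32_t unit_t;

/* Byte count the pre-patch call passes to the allocator. size_t arithmetic
   is modular, so a large enough length wraps to a small value. */
static size_t unchecked_bytes(size_t length)
{
    return sizeof(unit_t) * (length + 1);
}

/* Same test as the patch: true when (length + 1) units fit in size_t. */
static int length_fits(size_t length)
{
    return !(SIZE_MAX / sizeof(unit_t) - 1 < length);
}

/* Hypothetical checked resize, with the check kept next to the allocation.
   Returns NULL on overflow or allocation failure; the caller's old pointer
   stays valid in both cases because it is never overwritten here. */
static unit_t *resize_units(unit_t *old, size_t length)
{
    if (!length_fits(length))
        return NULL;
    return realloc(old, sizeof(unit_t) * (length + 1));
}

int main(void)
{
    size_t bad = SIZE_MAX / sizeof(unit_t);   /* first length that wraps */
    printf("unchecked request for length %zu: %zu bytes\n",
           bad, unchecked_bytes(bad));
    unit_t *buf = resize_units(NULL, 15);
    unit_t *grown = resize_units(buf, bad);   /* rejected, buf untouched */
    printf("oversized resize %s\n", grown ? "accepted" : "rejected");
    free(buf);
    return 0;
}
```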