Windson Yang <wiwind...@gmail.com> added the comment:
Sorry, Stefan Behnel, I still don't get it. alloc will always be bigger than size after the if/else case:

    if (size < alloc / 2) {
        /* Major downsize; resize down to exact size. */
        alloc = size + 1;
    }
    else if (size < alloc) {
        /* Within allocated size; quick exit */
        return 0;
    }
    else if (size <= alloc * 1.125) {
        /* Moderate upsize; overallocate similar to list_resize() */
        alloc = size + (size >> 3) + (size < 9 ? 3 : 6);
    }
    else {
        /* Major upsize; resize up to exact size */
        alloc = size + 1;
    }

Since we limit the alloc at:

    if (alloc > PY_SIZE_MAX / sizeof(Py_UCS4))
        goto overflow;

whenever size > PY_SIZE_MAX / sizeof(Py_UCS4) at first, it will cause alloc overflow. So why not limit size to PY_SIZE_MAX / sizeof(Py_UCS4) at the beginning?

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue34912>
_______________________________________
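As an added illustration (a standalone model, not CPython's own code), the growth policy quoted in the message in C, with PY_SIZE_MAX and sizeof(Py_UCS4) assumed to be those of a 64-bit build. It goes one step beyond the message: it bounds `size` before any arithmetic, as the comment proposes, and shows that the post-check on `alloc` still matters for the overallocating branch.

```c
#include <stddef.h>
#include <stdint.h>
/* Assumed constants, modelling a 64-bit CPython build: PY_SIZE_MAX is the
 * largest Py_ssize_t (SIZE_MAX >> 1) and a Py_UCS4 is 4 bytes wide. */
#define MODEL_SIZE_MAX  (SIZE_MAX >> 1)
#define MODEL_UCS4_SIZE ((size_t)4)
/* Cap on the element count, i.e. PY_SIZE_MAX / sizeof(Py_UCS4) in the message. */
#define MODEL_MAX_ALLOC (MODEL_SIZE_MAX / MODEL_UCS4_SIZE)

/* Compute the new allocation with the growth policy quoted in the message.
 * Returns 0 and stores the result in *new_alloc, or -1 on overflow.
 * One change from the quoted code: `size` is bounded before any arithmetic,
 * so `size + 1` and `size + (size >> 3) + 6` cannot wrap around. */
int model_resize(size_t size, size_t alloc, size_t *new_alloc)
{
    /* Up-front bound: a request this large can never be satisfied, and
       rejecting it here keeps every sum below within size_t range. */
    if (size > MODEL_MAX_ALLOC)
        return -1;
    if (size < alloc / 2) {
        /* Major downsize; resize down to exact size. */
        alloc = size + 1;
    } else if (size < alloc) {
        /* Within allocated size; quick exit, allocation unchanged. */
        *new_alloc = alloc;
        return 0;
    } else if (size <= alloc + alloc / 8) {
        /* Moderate upsize (integer form of alloc * 1.125); overallocate. */
        alloc = size + (size >> 3) + (size < 9 ? 3 : 6);
    } else {
        /* Major upsize; resize up to exact size. */
        alloc = size + 1;
    }
    /* The post-check from the quoted code is still needed: the overallocating
       branch can push alloc past the cap even though size itself was in range. */
    if (alloc > MODEL_MAX_ALLOC)
        return -1;
    *new_alloc = alloc;
    return 0;
}

/* Convenience wrapper for the checks below: the new allocation, or 0 on
   overflow (a successful result is always at least 1). */
size_t model_resize_or_zero(size_t size, size_t alloc)
{
    size_t out = 0;
    return model_resize(size, alloc, &out) == 0 ? out : 0;
}
```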