Issue #9530: Fix a couple of places where undefined behaviour can

occur, as a result of signed integer overflow.

Issue #9530: Fix a couple of places where undefined behaviour can
occur, as a result of signed integer overflow.
7e3b948c · Mark Dickinson · d0511b0e · 7e3b948c
Kaydet (Commit) 7e3b948c authored Agu 06, 2010 tarafından Mark Dickinson
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 2 deletions

bytearrayobject.c Objects/bytearrayobject.c +8 -2

No files found.
--- a/Objects/bytearrayobject.c
+++ b/Objects/bytearrayobject.c
@@ -649,6 +649,11 @@ bytearray_ass_subscript(PyByteArrayObject *self, PyObject *index, PyObject *valu

            if (!_canresize(self))
                return -1;
+
+            if (slicelen == 0)
+                /* Nothing to do here. */
+                return 0;
+
            if (step < 0) {
                stop = start + 1;
                start = stop + step * (slicelen - 1) - 1;
@@ -665,7 +670,7 @@ bytearray_ass_subscript(PyByteArrayObject *self, PyObject *index, PyObject *valu
                        self->ob_bytes + cur + 1, lim);
            }
            /* Move the tail of the bytes, in one chunk */
-            cur = start + slicelen*step;
+            cur = start + (size_t)slicelen*step;
            if (cur < (size_t)PyByteArray_GET_SIZE(self)) {
                memmove(self->ob_bytes + cur - slicelen,
                        self->ob_bytes + cur,
@@ -679,7 +684,8 @@ bytearray_ass_subscript(PyByteArrayObject *self, PyObject *index, PyObject *valu
        }
        else {
            /* Assign slice */
-            Py_ssize_t cur, i;
+            Py_ssize_t i;
+            size_t cur;

            if (needed != slicelen) {
                PyErr_Format(PyExc_ValueError,