
Author Voo
Recipients Voo
Date 2011-11-28.22:34:31
Message-id <1322519672.22.0.173147243777.issue13496@psf.upfronthosting.co.za>
Content
The mid index computation in _bisectmodule.c in both internal_bisect_right and internal_bisect_left is done with:

mid = (lo + hi) / 2; // all three variables Py_ssize_t

which is susceptible to overflows for large arrays, which would lead to undefined behavior (and in practice almost certainly a crash with a negative index).

The fix is trivial - mid = lo + (hi - lo) / 2; - but since I'm just starting to look into the code base I may be missing some undocumented assertions that guarantee this can't happen.
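
The midpoint overflow described in the message above, as an added example that is not part of the original report or of CPython's source. It assumes ptrdiff_t as a stand-in for Py_ssize_t; virtual_item and all function names are hypothetical, and the "sequence" is virtual (element i has value i) so that indices near the type's maximum can be exercised without allocating memory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Returns 1 if the naive (lo + hi) / 2 would overflow a signed index.
 * The check itself never performs the overflowing addition. */
int naive_mid_overflows(ptrdiff_t lo, ptrdiff_t hi)
{
    return lo > 0 && hi > PTRDIFF_MAX - lo;
}

/* Midpoint in the form proposed in the report; cannot overflow
 * when 0 <= lo <= hi, because hi - lo is then within range. */
ptrdiff_t safe_mid(ptrdiff_t lo, ptrdiff_t hi)
{
    return lo + (hi - lo) / 2;
}

/* Constructed sample data: a sorted virtual sequence where item i == i. */
static ptrdiff_t virtual_item(ptrdiff_t i) { return i; }

/* bisect_right over [lo, hi) using the safe midpoint. *naive_overflows
 * counts the iterations in which (lo + hi) / 2 would have overflowed. */
ptrdiff_t bisect_right_virtual(ptrdiff_t key, ptrdiff_t lo, ptrdiff_t hi,
                               int *naive_overflows)
{
    *naive_overflows = 0;
    while (lo < hi) {
        if (naive_mid_overflows(lo, hi))
            (*naive_overflows)++;
        ptrdiff_t mid = safe_mid(lo, hi);
        if (key < virtual_item(mid))
            hi = mid;
        else
            lo = mid + 1;   /* mid < hi <= PTRDIFF_MAX, so this is safe */
    }
    return lo;
}

int main(void)
{
    int bad = 0;
    ptrdiff_t pos = bisect_right_virtual(PTRDIFF_MAX - 10, 0, PTRDIFF_MAX, &bad);
    printf("insertion point: %td\n", pos);
    printf("iterations where (lo + hi) / 2 would overflow: %d\n", bad);
    return 0;
}
```
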