diff -r 8f978b2891dc Modules/_ctypes/_ctypes.c --- a/Modules/_ctypes/_ctypes.c Wed Feb 11 18:18:10 2015 +0100 +++ b/Modules/_ctypes/_ctypes.c Thu Feb 12 10:18:40 2015 +0200 @@ -301,7 +301,7 @@ char * char *new_prefix; char *result; char buf[32]; - int prefix_len; + Py_ssize_t prefix_len; int k; prefix_len = 32 * ndim + 3; diff -r 8f978b2891dc Modules/_elementtree.c --- a/Modules/_elementtree.c Wed Feb 11 18:18:10 2015 +0100 +++ b/Modules/_elementtree.c Thu Feb 12 10:18:40 2015 +0200 @@ -11,6 +11,8 @@ *-------------------------------------------------------------------- */ +#define PY_SSIZE_T_CLEAN + #include "Python.h" #include "structmember.h" @@ -185,8 +187,8 @@ typedef struct { PyObject* attrib; /* child elements */ - int length; /* actual number of items */ - int allocated; /* allocated items */ + Py_ssize_t length; /* actual number of items */ + Py_ssize_t allocated; /* allocated items */ /* this either points to _children or to a malloced buffer */ PyObject* *children; @@ -251,7 +253,7 @@ LOCAL(void) dealloc_extra(ElementObject* self) { ElementObjectExtra *myextra; - int i; + Py_ssize_t i; if (!self->extra) return; @@ -429,9 +431,9 @@ element_init(PyObject *self, PyObject *a } LOCAL(int) -element_resize(ElementObject* self, int extra) +element_resize(ElementObject* self, Py_ssize_t extra) { - int size; + Py_ssize_t size; PyObject* *children; /* make sure self->children can hold the given number of extra @@ -442,7 +444,7 @@ element_resize(ElementObject* self, int return -1; } - size = self->extra->length + extra; + size = self->extra->length + extra; /* never overflows */ if (size > self->extra->allocated) { /* use Python 2.4's list growth strategy */ @@ -453,6 +455,8 @@ element_resize(ElementObject* self, int * be safe. */ size = size ? size : 1; + if (size > (Py_ssize_t)(PY_SSIZE_T_MAX/sizeof(PyObject*))) + goto nomemory; if (self->extra->children != self->extra->_children) { /* Coverity CID #182 size_error: Allocating 1 bytes to pointer * "children", which needs at least 4 bytes. Although it's a @@ -613,7 +617,7 @@ element_gc_traverse(ElementObject *self, Py_VISIT(JOIN_OBJ(self->tail)); if (self->extra) { - int i; + Py_ssize_t i; Py_VISIT(self->extra->attrib); for (i = 0; i < self->extra->length; ++i) @@ -689,7 +693,7 @@ element_clearmethod(ElementObject* self, static PyObject* element_copy(ElementObject* self, PyObject* args) { - int i; + Py_ssize_t i; ElementObject* element; if (!PyArg_ParseTuple(args, ":__copy__")) @@ -728,7 +732,7 @@ element_copy(ElementObject* self, PyObje static PyObject* element_deepcopy(ElementObject* self, PyObject* args) { - int i; + Py_ssize_t i; ElementObject* element; PyObject* tag; PyObject* attrib; @@ -839,7 +843,7 @@ element_sizeof(PyObject* myself, PyObjec static PyObject * element_getstate(ElementObject *self) { - int i, noattrib; + Py_ssize_t i, noattrib; PyObject *instancedict = NULL, *children; /* Build a list of children. */ @@ -1077,7 +1081,7 @@ element_extend(ElementObject* self, PyOb static PyObject* element_find(ElementObject *self, PyObject *args, PyObject *kwds) { - int i; + Py_ssize_t i; PyObject* tag; PyObject* namespaces = Py_None; static char *kwlist[] = {"path", "namespaces", 0}; @@ -1112,7 +1116,7 @@ element_find(ElementObject *self, PyObje static PyObject* element_findtext(ElementObject *self, PyObject *args, PyObject *kwds) { - int i; + Py_ssize_t i; PyObject* tag; PyObject* default_value = Py_None; PyObject* namespaces = Py_None; @@ -1153,7 +1157,7 @@ element_findtext(ElementObject *self, Py static PyObject* element_findall(ElementObject *self, PyObject *args, PyObject *kwds) { - int i; + Py_ssize_t i; PyObject* out; PyObject* tag; PyObject* namespaces = Py_None; @@ -1238,7 +1242,7 @@ element_get(ElementObject* self, PyObjec static PyObject* element_getchildren(ElementObject* self, PyObject* args) { - int i; + Py_ssize_t i; PyObject* list; /* FIXME: report as deprecated? */ @@ -1310,11 +1314,11 @@ element_getitem(PyObject* self_, Py_ssiz static PyObject* element_insert(ElementObject* self, PyObject* args) { - int i; - - int index; + Py_ssize_t i; + + Py_ssize_t index; PyObject* element; - if (!PyArg_ParseTuple(args, "iO!:insert", &index, + if (!PyArg_ParseTuple(args, "nO!:insert", &index, &Element_Type, &element)) return NULL; @@ -1402,7 +1406,7 @@ element_makeelement(PyObject* self, PyOb static PyObject* element_remove(ElementObject* self, PyObject* args) { - int i; + Py_ssize_t i; PyObject* element; if (!PyArg_ParseTuple(args, "O!:remove", &Element_Type, &element)) @@ -1481,7 +1485,7 @@ static int element_setitem(PyObject* self_, Py_ssize_t index, PyObject* item) { ElementObject* self = (ElementObject*) self_; - int i; + Py_ssize_t i; PyObject* old; if (!self->extra || index < 0 || index >= self->extra->length) { @@ -2819,12 +2823,13 @@ makeuniversal(XMLParserObject* self, con * message string is the default for the given error_code. */ static void -expat_set_error(enum XML_Error error_code, int line, int column, char *message) +expat_set_error(enum XML_Error error_code, Py_ssize_t line, Py_ssize_t column, + char *message) { PyObject *errmsg, *error, *position, *code; elementtreestate *st = ET_STATE_GLOBAL; - errmsg = PyUnicode_FromFormat("%s: line %d, column %d", + errmsg = PyUnicode_FromFormat("%s: line %zd, column %zd", message ? message : EXPAT(ErrorString)(error_code), line, column); if (errmsg == NULL) @@ -2848,7 +2853,7 @@ expat_set_error(enum XML_Error error_cod } Py_DECREF(code); - position = Py_BuildValue("(ii)", line, column); + position = Py_BuildValue("(nn)", line, column); if (!position) { Py_DECREF(error); return; @@ -3477,8 +3482,14 @@ xmlparser_parse_whole(XMLParserObject* s break; } + if (PyBytes_GET_SIZE(buffer) > INT_MAX) { + Py_DECREF(buffer); + Py_DECREF(reader); + PyErr_SetString(PyExc_OverflowError, "size does not fit in an int"); + return NULL; + } res = expat_parse( - self, PyBytes_AS_STRING(buffer), PyBytes_GET_SIZE(buffer), 0 + self, PyBytes_AS_STRING(buffer), (int)PyBytes_GET_SIZE(buffer), 0 ); Py_DECREF(buffer); diff -r 8f978b2891dc Modules/_sqlite/row.c --- a/Modules/_sqlite/row.c Wed Feb 11 18:18:10 2015 +0100 +++ b/Modules/_sqlite/row.c Thu Feb 12 10:18:40 2015 +0200 @@ -159,7 +159,7 @@ Py_ssize_t pysqlite_row_length(pysqlite_ PyObject* pysqlite_row_keys(pysqlite_Row* self, PyObject* args, PyObject* kwargs) { PyObject* list; - int nitems, i; + Py_ssize_t nitems, i; list = PyList_New(0); if (!list) { diff -r 8f978b2891dc Modules/_tkinter.c --- a/Modules/_tkinter.c Wed Feb 11 18:18:10 2015 +0100 +++ b/Modules/_tkinter.c Thu Feb 12 10:18:40 2015 +0200 @@ -21,6 +21,7 @@ Copyright (C) 1994 Steen Lumholt. */ +#define PY_SSIZE_T_CLEAN #include "Python.h" #include @@ -409,7 +410,7 @@ static PyObject * SplitObj(PyObject *arg) { if (PyTuple_Check(arg)) { - int i, size; + Py_ssize_t i, size; PyObject *elem, *newelem, *result; size = PyTuple_Size(arg); @@ -425,7 +426,7 @@ SplitObj(PyObject *arg) return NULL; } if (!result) { - int k; + Py_ssize_t k; if (newelem == elem) { Py_DECREF(newelem); continue; @@ -446,7 +447,7 @@ SplitObj(PyObject *arg) /* Fall through, returning arg. */ } else if (PyList_Check(arg)) { - int i, size; + Py_ssize_t i, size; PyObject *elem, *newelem, *result; size = PyList_GET_SIZE(arg); @@ -632,12 +633,12 @@ Tkapp_New(const char *screenName, const /* some initial arguments need to be in argv */ if (sync || use) { char *args; - int len = 0; + Py_ssize_t len = 0; if (sync) len += sizeof "-sync"; if (use) - len += strlen(use) + sizeof "-use "; + len += strlen(use) + sizeof "-use "; /* never overflows */ args = (char*)PyMem_Malloc(len); if (!args) { @@ -887,9 +888,14 @@ AsObj(PyObject *value) long longVal; int overflow; - if (PyBytes_Check(value)) + if (PyBytes_Check(value)) { + if (PyBytes_GET_SIZE(value) >= INT_MAX) { + PyErr_SetString(PyExc_OverflowError, "bytes object is too long"); + return NULL; + } return Tcl_NewByteArrayObj((unsigned char *)PyBytes_AS_STRING(value), - PyBytes_GET_SIZE(value)); + (int)PyBytes_GET_SIZE(value)); + } else if (PyBool_Check(value)) return Tcl_NewBooleanObj(PyObject_IsTrue(value)); else if (PyLong_CheckExact(value) && @@ -921,7 +927,7 @@ AsObj(PyObject *value) } for (i = 0; i < size; i++) argv[i] = AsObj(PySequence_Fast_GET_ITEM(value,i)); - result = Tcl_NewListObj(size, argv); + result = Tcl_NewListObj((int)size, argv); PyMem_Free(argv); return result; } @@ -946,7 +952,7 @@ AsObj(PyObject *value) } kind = PyUnicode_KIND(value); if (kind == sizeof(Tcl_UniChar)) - return Tcl_NewUnicodeObj(inbuf, size); + return Tcl_NewUnicodeObj(inbuf, (int)size); allocsize = ((size_t)size) * sizeof(Tcl_UniChar); outbuf = (Tcl_UniChar*)PyMem_Malloc(allocsize); /* Else overflow occurred, and we take the next exit */ @@ -971,7 +977,7 @@ AsObj(PyObject *value) #endif outbuf[i] = ch; } - result = Tcl_NewUnicodeObj(outbuf, size); + result = Tcl_NewUnicodeObj(outbuf, (int)size); PyMem_Free(outbuf); return result; } @@ -1139,10 +1145,10 @@ Tkapp_CallArgs(PyObject *args, Tcl_Obj** Tcl_IncrRefCount(objv[i]); } } - *pobjc = objc; + *pobjc = (int)objc; return objv; finally: - Tkapp_CallDeallocArgs(objv, objStore, objc); + Tkapp_CallDeallocArgs(objv, objStore, (int)objc); return NULL; } @@ -1495,7 +1501,6 @@ var_invoke(EventFunc func, PyObject *sel #ifdef WITH_THREAD TkappObject *self = (TkappObject*)selfptr; if (self->threaded && self->thread_id != Tcl_GetCurrentThread()) { - TkappObject *self = (TkappObject*)selfptr; VarEvent *ev; PyObject *res, *exc_type, *exc_val; Tcl_Condition cond = NULL; @@ -2721,20 +2726,20 @@ static PyType_Spec Tkapp_Type_spec = { typedef struct { PyObject* tuple; - int size; /* current size */ - int maxsize; /* allocated size */ + Py_ssize_t size; /* current size */ + Py_ssize_t maxsize; /* allocated size */ } FlattenContext; static int -_bump(FlattenContext* context, int size) +_bump(FlattenContext* context, Py_ssize_t size) { /* expand tuple to hold (at least) size new items. return true if successful, false if an exception was raised */ - int maxsize = context->maxsize * 2; + Py_ssize_t maxsize = context->maxsize*2; /* never overflows */ if (maxsize < context->size + size) - maxsize = context->size + size; + maxsize = context->size + size; /* never overflows */ context->maxsize = maxsize; @@ -2746,7 +2751,7 @@ static int { /* add tuple or list to argument tuple (recursively) */ - int i, size; + Py_ssize_t i, size; if (depth > 1000) { PyErr_SetString(PyExc_ValueError, diff -r 8f978b2891dc Objects/bytesobject.c --- a/Objects/bytesobject.c Wed Feb 11 18:18:10 2015 +0100 +++ b/Objects/bytesobject.c Thu Feb 12 10:18:40 2015 +0200 @@ -673,7 +673,7 @@ PyObject * "* wants int"); goto error; } - prec = PyLong_AsSsize_t(v); + prec = _PyLong_AsInt(v); if (prec == -1 && PyErr_Occurred()) goto error; if (prec < 0) diff -r 8f978b2891dc Objects/codeobject.c --- a/Objects/codeobject.c Wed Feb 11 18:18:10 2015 +0100 +++ b/Objects/codeobject.c Thu Feb 12 10:18:40 2015 +0200 @@ -97,6 +97,7 @@ PyCode_New(int argcount, int kwonlyargco ((flags & CO_VARARGS) != 0) + ((flags & CO_VARKEYWORDS) != 0); Py_ssize_t alloc_size = sizeof(unsigned char) * n_cellvars; int used_cell2arg = 0; + assert(total_args <= 255); cell2arg = PyMem_MALLOC(alloc_size); if (cell2arg == NULL) return NULL; @@ -108,7 +109,7 @@ PyCode_New(int argcount, int kwonlyargco for (j = 0; j < total_args; j++) { PyObject *arg = PyTuple_GET_ITEM(varnames, j); if (!PyUnicode_Compare(cell, arg)) { - cell2arg[i] = j; + cell2arg[i] = (unsigned char)j; used_cell2arg = 1; break; } diff -r 8f978b2891dc Objects/funcobject.c --- a/Objects/funcobject.c Wed Feb 11 18:18:10 2015 +0100 +++ b/Objects/funcobject.c Thu Feb 12 10:18:40 2015 +0200 @@ -629,11 +629,14 @@ function_call(PyObject *func, PyObject * nk = 0; } + assert(PyTuple_GET_SIZE(arg) <= MAX_INT); + assert(nk <= MAX_INT); + assert(nd <= MAX_INT); result = PyEval_EvalCodeEx( PyFunction_GET_CODE(func), PyFunction_GET_GLOBALS(func), (PyObject *)NULL, - &PyTuple_GET_ITEM(arg, 0), PyTuple_GET_SIZE(arg), - k, nk, d, nd, + &PyTuple_GET_ITEM(arg, 0), (int)PyTuple_GET_SIZE(arg), + k, (int)nk, d, (int)nd, PyFunction_GET_KW_DEFAULTS(func), PyFunction_GET_CLOSURE(func)); diff -r 8f978b2891dc Objects/obmalloc.c --- a/Objects/obmalloc.c Wed Feb 11 18:18:10 2015 +0100 +++ b/Objects/obmalloc.c Thu Feb 12 10:18:40 2015 +0200 @@ -1339,7 +1339,7 @@ static void * pool = (poolp)usable_arenas->pool_address; assert((block*)pool <= (block*)usable_arenas->address + ARENA_SIZE - POOL_SIZE); - pool->arenaindex = usable_arenas - arenas; + pool->arenaindex = (uint)(usable_arenas - arenas); assert(&arenas[pool->arenaindex] == usable_arenas); pool->szidx = DUMMY_SIZE_IDX; usable_arenas->pool_address += POOL_SIZE; diff -r 8f978b2891dc Python/ceval.c --- a/Python/ceval.c Wed Feb 11 18:18:10 2015 +0100 +++ b/Python/ceval.c Thu Feb 12 10:18:40 2015 +0200 @@ -4376,7 +4376,8 @@ fast_function(PyObject *func, PyObject * } if (argdefs != NULL) { d = &PyTuple_GET_ITEM(argdefs, 0); - nd = Py_SIZE(argdefs); + assert(Py_SIZE(argdefs) <= MAX_INT); + nd = (int)Py_SIZE(argdefs); } return _PyEval_EvalCodeWithName((PyObject*)co, globals, (PyObject *)NULL, (*pp_stack)-n, na, @@ -4565,7 +4566,8 @@ ext_do_call(PyObject *func, PyObject *** Py_DECREF(stararg); stararg = t; } - nstar = PyTuple_GET_SIZE(stararg); + assert(PyTuple_GET_SIZE(stararg) <= MAX_INT); + nstar = (int)PyTuple_GET_SIZE(stararg); } if (nk > 0) { kwdict = update_keyword_args(kwdict, nk, pp_stack, func); diff -r 8f978b2891dc Python/codecs.c --- a/Python/codecs.c Wed Feb 11 18:18:10 2015 +0100 +++ b/Python/codecs.c Thu Feb 12 10:18:40 2015 +0200 @@ -1006,7 +1006,7 @@ PyObject *PyCodec_NameReplaceErrors(PyOb c = PyUnicode_READ_CHAR(object, i); if (ucnhash_CAPI && ucnhash_CAPI->getname(NULL, c, buffer, sizeof(buffer), 1)) { - replsize = 1+1+1+strlen(buffer)+1; + replsize = 1+1+1+(int)strlen(buffer)+1; } else if (c >= 0x10000) { replsize = 1+1+8; diff -r 8f978b2891dc Python/marshal.c --- a/Python/marshal.c Wed Feb 11 18:18:10 2015 +0100 +++ b/Python/marshal.c Thu Feb 12 10:18:40 2015 +0200 @@ -279,7 +279,7 @@ w_ref(PyObject *v, char *flag, WFILE *p) PyErr_SetString(PyExc_ValueError, "too many objects"); goto err; } - w = s; + w = (int)s; Py_INCREF(v); if (_Py_HASHTABLE_SET(p->hashtable, v, w) < 0) { Py_DECREF(v); diff -r 8f978b2891dc Python/peephole.c --- a/Python/peephole.c Wed Feb 11 18:18:10 2015 +0100 +++ b/Python/peephole.c Thu Feb 12 10:18:40 2015 +0200 @@ -18,7 +18,9 @@ || op==JUMP_IF_FALSE_OR_POP || op==JUMP_IF_TRUE_OR_POP) #define JUMPS_ON_TRUE(op) (op==POP_JUMP_IF_TRUE || op==JUMP_IF_TRUE_OR_POP) #define GETJUMPTGT(arr, i) (GETARG(arr,i) + (ABSOLUTE_JUMP(arr[i]) ? 0 : i+3)) -#define SETARG(arr, i, val) arr[i+2] = val>>8; arr[i+1] = val & 255 +#define SETARG(arr, i, val) assert(-0x8000 <= val && val <= 0x7fff); \ + arr[i+2] = (unsigned char)(((unsigned int)val)>>8); \ + arr[i+1] = (unsigned char)(((unsigned int)val) & 255) #define CODESIZE(op) (HAS_ARG(op) ? 3 : 1) #define ISBASICBLOCK(blocks, start, bytes) \ (blocks[start]==blocks[start+bytes-1]) @@ -355,7 +357,8 @@ PyCode_Optimize(PyObject *code, PyObject unsigned char *codestr = NULL; unsigned char *lineno; int *addrmap = NULL; - int new_line, cum_orig_line, last_line, tabsiz; + int new_line, cum_orig_line, last_line; + Py_ssize_t tabsiz; PyObject **const_stack = NULL; Py_ssize_t *load_const_stack = NULL; Py_ssize_t const_stack_top = -1; @@ -660,7 +663,8 @@ PyCode_Optimize(PyObject *code, PyObject /* Fixup linenotab */ for (i=0, nops=0 ; i