This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: Possible signed integer overflow in slice handling
Type: behavior Stage: resolved
Components: Extension Modules, Interpreter Core Versions: Python 3.8, Python 3.7
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: BTaskaya, ZackerySpytz, martin.panter, miss-islington, serhiy.storchaka
Priority: normal Keywords: patch

Created on 2019-05-17 05:48 by ZackerySpytz, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 13375 merged ZackerySpytz, 2019-05-17 05:58
PR 13376 merged miss-islington, 2019-05-17 07:14
PR 15639 merged hongweipeng, 2019-09-02 08:27
PR 15729 merged miss-islington, 2019-09-08 10:16
Messages (7)
msg342689 - (view) Author: Zackery Spytz (ZackerySpytz) * (Python triager) Date: 2019-05-17 05:48
Python 3.8.0a4+ (heads/master:870b035bc6, May 16 2019, 20:53:02) 
[GCC 9.0.1 20190402 (experimental) [trunk revision 270074]] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import sys
>>> 'hi'[1::sys.maxsize]
Objects/unicodeobject.c:14038:55: runtime error: signed integer overflow: 1 + 9223372036854775807 cannot be represented in type 'long int'

This is because unicode_subscript() performs an extra addition (cur += step) at the end of the for loop (which can overflow). The result of that final addition is not actually used.

A patch to fix this issue was posted on #1621, but it seems that the patch has been abandoned. The bug is also described in detail in that issue. I have tweaked the patch and will open a PR.
msg342690 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2019-05-17 07:13
New changeset 14514d9084a40f599c57da853a305aa264562a43 by Serhiy Storchaka (Zackery Spytz) in branch 'master':
bpo-36946: Fix possible signed integer overflow when handling slices. (GH-13375)
msg342691 - (view) Author: miss-islington (miss-islington) Date: 2019-05-17 07:33
New changeset f02d1a43c6be658cd279edb90e8e96c99e1127e7 by Miss Islington (bot) in branch '3.7':
bpo-36946: Fix possible signed integer overflow when handling slices. (GH-13375)
msg350368 - (view) Author: Batuhan Taskaya (BTaskaya) * (Python committer) Date: 2019-08-24 11:29
Should we close this?
msg351321 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2019-09-08 10:16
New changeset 3c87a667bb367ace1de6bd1577fdb4f66947da52 by Serhiy Storchaka (HongWeipeng) in branch 'master':
bpo-36946:Fix possible signed integer overflow when handling slices. (GH-15639)
msg351323 - (view) Author: miss-islington (miss-islington) Date: 2019-09-08 10:36
New changeset 021e5db20bc19d678a5b94247a5cdcf689eff006 by Miss Islington (bot) in branch '3.7':
bpo-36946:Fix possible signed integer overflow when handling slices. (GH-15639)
msg351325 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2019-09-08 10:54
Thank you Zackery and HongWeipeng for your contribution!
Date User Action Args
2022-04-11 14:59:15adminsetgithub: 81127
2019-09-08 10:54:41serhiy.storchakasetstatus: open -> closed
resolution: fixed
messages: + msg351325

stage: patch review -> resolved
2019-09-08 10:36:41miss-islingtonsetmessages: + msg351323
2019-09-08 10:16:49miss-islingtonsetpull_requests: + pull_request15383
2019-09-08 10:16:00serhiy.storchakasetmessages: + msg351321
2019-09-02 08:27:13hongweipengsetpull_requests: + pull_request15305
2019-08-24 11:29:29BTaskayasetnosy: + BTaskaya
messages: + msg350368
2019-05-17 07:33:13miss-islingtonsetnosy: + miss-islington
messages: + msg342691
2019-05-17 07:14:06miss-islingtonsetpull_requests: + pull_request13287
2019-05-17 07:13:26serhiy.storchakasetnosy: + serhiy.storchaka
messages: + msg342690
2019-05-17 05:58:50ZackerySpytzsetkeywords: + patch
stage: patch review
pull_requests: + pull_request13286
2019-05-17 05:48:44ZackerySpytzcreate