In several places such dungerous code used to check the integer overflow:

  size = n * itemsize;
  if (size / itemsize != n) raise exception...

Because these values are signed, this results in undefined behavior.

The proposed patches replace similar unsafe code to safe one. Note that the patches for the different versions are substantially different.

The patches looks good for me, but I like to double check before commit.
Let's wait for a week for other reviewers.

It's maybe safer (and simpler) to not touch such code in Python older than 3.4.

It's maybe safer (and simpler) to not touch such code in Python
older than 3.4.

So far, I've been fixing these overflow bugs only in the development branches, unless they can be shown to cause actual bugs. That said, I think it's probably okay to apply these for 3.3 as well as 3.4, especially since the 3.3 patch is smaller than the others. I'll review and apply.

especially since the 3.3 patch is smaller than the others.

It's becouse 3.3 already contains some fixes which was not be backported to
older versions.

It's becouse 3.3 already contains some fixes which was not be backported
to older versions.

Yes, exactly! That's what I meant when I said:

"So far, I've been fixing these overflow bugs only in the development branches"

There were lots of integer overflow occurrences like these found by John Regehr in bpo-9530. I chose to fix those only in the current development branch, which was 3.3 at the time. Since we've made an effort to clean up 3.3 in that respect, I think it's worth finishing that job off by applying your patch both to 3.3 and 3.4.

unless they can be shown to cause actual bugs.

See bpo-14700.

Serhiy, I don't understand what you're getting at. Can you explain?

New changeset 152d85b2da3a by Mark Dickinson in branch '3.3':
Issue bpo-16096: Fix several occurrences of potential signed integer overflow. Thanks Serhiy Storchaka.
http://hg.python.org/cpython/rev/152d85b2da3a

New changeset faae99459b43 by Mark Dickinson in branch 'default':
Issue bpo-16096: Merge fixes from 3.3.
http://hg.python.org/cpython/rev/faae99459b43

Applied the 3.3 patch to 3.3 and default, with some minor changes:

• revert the Objects/longobject.c changes, since they don't depend
  on signed overflow

• fix the second change in Objects/tupleobject.c so that the overflow check happens before the multiplication rather than after.

Whoops. I take it back about the Objects/longobject.c bit. Fixing ...

New changeset 906ae6485cb8 by Mark Dickinson in branch '3.3':
Issue bpo-16096: Fix signed overflow in Objects/longobject.c. Thanks Serhiy Storchaka.
http://hg.python.org/cpython/rev/906ae6485cb8

New changeset b728aac3bdb3 by Mark Dickinson in branch 'default':
Issue bpo-16096: port fix from 3.3
http://hg.python.org/cpython/rev/b728aac3bdb3

In bpo-14700 were fixed two actual bugs. The fix was not be backported to older
versions (and this changes included in patches for this issue). I think it is
better to reopen bpo-14700 for backporting fixes to 2.7 and 3.2?

Yes, reopening bpo-14700 sounds good to me.

I'm not against fixing these issues in the bugfix branches, but we need to do it carefully (which unfortunately probably also means slowly). I think that for the bugfix branches, each fix should be accompanied by a test that exercises the original bug. I'd also suggest having a separate issue for each bug, for ease of review.

I'd probably also prioritise those bugs that can be triggered without having huge structures in memory: e.g., the bpo-14700 bug seems more important to fix than the PyTuple_New bug.

Here are updated to current codebase patches for 2.7 and 3.2. It seems that
all the rest of overflows are hypothetical bugs and do not appear on the
current supported platforms. Fix them is not necessary (rather for purity). If
no one can see visible bugs, I'll close this issue soon.

I withdraw my patches for 2.7 and 3.2 due to the fact that they have no visible effect on supported platforms. Patches for 3.3+ already committed, therefore I close this issue.