This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author hakril
Recipients hakril
Date 2014-11-25.10:56:32
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
I found an interger overflow in the standard iterator object (Objects/iterobject.c)

The `it_index` attribute used by the iterator is a `Py_ssize_t` but overflow is never checked. So after the index `PY_SSIZE_T_MAX`, the iterator object will ask for the index `PY_SSIZE_T_MIN`.

Here is an example:

    import sys

    class Seq:
        def __getitem__(self, item):
            print("[-] Asked for item at <{0}>".format(item))
            return 0

    s = Seq()
    i = iter(s)
    # Manually set `it_index` to PY_SSIZE_T_MAX without a loop

    [-] Asked for item at <9223372036854775807>
    [-] Asked for item at <-9223372036854775808>

I would be really interested in writing a patch but first I wanted to discuss the expected behaviour and fix.

The iterator could stop after `PY_SSIZE_T_MAX` but it seems strange as other iterator (like `enumobject`) handle values bigger than `PY_SSIZE_T_MAX`.

Or the same technique used in `enumobject` could be used: adding a field `PyObject* en_longindex` (a python long) which would be used for values bigger than `PY_SSIZE_T_MAX`
Date User Action Args
2014-11-25 10:56:33hakrilsetrecipients: + hakril
2014-11-25 10:56:33hakrilsetmessageid: <>
2014-11-25 10:56:33hakrillinkissue22939 messages
2014-11-25 10:56:32hakrilcreate