Author belopolsky
Recipients belopolsky, gregory.p.smith, jnferguson, lemburg, nnorwitz
Date 2008-04-14.03:29:32
SpamBayes Score 0.00479682
Marked as misclassified No
Message-id <d38f5330804132029m55cfb22fib42f77da9e577e30@mail.gmail.com>
In-reply-to <1208142764.87.0.11104603642.issue2620@psf.upfronthosting.co.za>
Content
On Sun, Apr 13, 2008 at 11:12 PM, Gregory P. Smith
<report@bugs.python.org> wrote:
..
>  Here's a patch that fixes this by making both Python's malloc and
>  realloc return NULL if (0 <= size <= PY_SSIZE_T_MAX).
>
This will not solve the original problem completely: multiplicative
overflow may produce size in the 0 to PY_SSIZE_T_MAX range.
Furthemore, malloc and realloc take unsigned arguments and I believe
there are cases when they are called with unsigned arguments in python
code.  Using the proposed macro definitions in these cases will lead
to compiler warnings.

I don't object to limiting the allowed malloc/realoc size, but the
check should be expressed as unsigned comparison:  (size_t)(n) >
(size_t)PY_SSIZE_T_MAX and multiplications by n > 2 should still be
checked for overflow before the result can be used for malloc.
History
Date User Action Args
2008-04-14 03:29:34belopolskysetspambayes_score: 0.00479682 -> 0.00479682
recipients: + belopolsky, lemburg, nnorwitz, gregory.p.smith, jnferguson
2008-04-14 03:29:33belopolskylinkissue2620 messages
2008-04-14 03:29:33belopolskycreate