changeset:   94448:014886dae5c4
branch:      3.3
parent:      94441:1801b2571587
user:        Benjamin Peterson <benjamin@python.org>
date:        Sun Feb 01 20:59:00 2015 -0500
files:       Lib/test/test_itertools.py Misc/NEWS Modules/itertoolsmodule.c
description:
detect overflow in combinations (closes #23366)


diff -r 1801b2571587 -r 014886dae5c4 Lib/test/test_itertools.py
--- a/Lib/test/test_itertools.py	Sun Feb 01 18:02:09 2015 -0500
+++ b/Lib/test/test_itertools.py	Sun Feb 01 20:59:00 2015 -0500
@@ -258,6 +258,11 @@
 
                 self.pickletest(combinations(values, r))                 # test pickling
 
+    @support.bigaddrspacetest
+    def test_combinations_overflow(self):
+        with self.assertRaises(OverflowError):
+            combinations("AA", 2**29)
+
         # Test implementation detail:  tuple re-use
     @support.impl_detail("tuple reuse is specific to CPython")
     def test_combinations_tuple_reuse(self):
diff -r 1801b2571587 -r 014886dae5c4 Misc/NEWS
--- a/Misc/NEWS	Sun Feb 01 18:02:09 2015 -0500
+++ b/Misc/NEWS	Sun Feb 01 20:59:00 2015 -0500
@@ -19,6 +19,8 @@
 - Issue #23369: Fixed possible integer overflow in
   _json.encode_basestring_ascii.
 
+- Issue #23366: Fixed possible integer overflow in itertools.combinations.
+
 
 What's New in Python 3.3.6?
 ===========================
diff -r 1801b2571587 -r 014886dae5c4 Modules/itertoolsmodule.c
--- a/Modules/itertoolsmodule.c	Sun Feb 01 18:02:09 2015 -0500
+++ b/Modules/itertoolsmodule.c	Sun Feb 01 20:59:00 2015 -0500
@@ -2326,6 +2326,10 @@
         goto error;
     }
 
+    if (r > PY_SSIZE_T_MAX/sizeof(Py_ssize_t)) {
+        PyErr_SetString(PyExc_OverflowError, "r is too big");
+        goto error;
+    }
     indices = PyMem_Malloc(r * sizeof(Py_ssize_t));
     if (indices == NULL) {
         PyErr_NoMemory();