changeset:   102398:646ad4894c32
parent:      102395:61bb66fe1fb7
parent:      102396:54cc0480904c
user:        Martin Panter <vadmium+py@gmail.com>
date:        Mon Jul 18 08:18:32 2016 +0000
files:       Misc/NEWS Objects/bytearrayobject.c
description:
Issue #27507: Merge overflow check from 3.5


diff -r 61bb66fe1fb7 -r 646ad4894c32 Misc/NEWS
--- a/Misc/NEWS	Sun Jul 17 21:58:11 2016 -0700
+++ b/Misc/NEWS	Mon Jul 18 08:18:32 2016 +0000
@@ -10,6 +10,9 @@
 Core and Builtins
 -----------------
 
+- Issue #27507: Add integer overflow check in bytearray.extend().  Patch by
+  Xiang Zhang.
+
 - Issue #27419: Standard __import__() no longer look up "__import__" in globals
   or builtins for importing submodules or "from import".  Fixed a crash if
   raise a warning about unabling to resolve package from __spec__ or
diff -r 61bb66fe1fb7 -r 646ad4894c32 Objects/bytearrayobject.c
--- a/Objects/bytearrayobject.c	Sun Jul 17 21:58:11 2016 -0700
+++ b/Objects/bytearrayobject.c	Mon Jul 18 08:18:32 2016 +0000
@@ -1642,7 +1642,17 @@
         Py_DECREF(item);
 
         if (len >= buf_size) {
-            buf_size = len + (len >> 1) + 1;
+            Py_ssize_t addition;
+            if (len == PY_SSIZE_T_MAX) {
+                Py_DECREF(it);
+                Py_DECREF(bytearray_obj);
+                return PyErr_NoMemory();
+            }
+            addition = len >> 1;
+            if (addition > PY_SSIZE_T_MAX - len - 1)
+                buf_size = PY_SSIZE_T_MAX;
+            else
+                buf_size = len + addition + 1;
             if (PyByteArray_Resize((PyObject *)bytearray_obj, buf_size) < 0) {
                 Py_DECREF(it);
                 Py_DECREF(bytearray_obj);