mirror of https://github.com/python/cpython
Carefully check for overflow when allocating the memory for fromfile
-- someone tried to pass in sys.maxint and got bitten by the bogus calculations.
This commit is contained in:
parent
24f8579ee4
commit
3791b0de36
|
@ -935,8 +935,15 @@ array_fromfile(self, args)
|
||||||
char *item = self->ob_item;
|
char *item = self->ob_item;
|
||||||
int itemsize = self->ob_descr->itemsize;
|
int itemsize = self->ob_descr->itemsize;
|
||||||
int nread;
|
int nread;
|
||||||
PyMem_RESIZE(item, char, (self->ob_size + n) * itemsize);
|
int newlength;
|
||||||
|
size_t newbytes;
|
||||||
|
/* Be careful here about overflow */
|
||||||
|
if ((newlength = self->ob_size + n) <= 0 ||
|
||||||
|
(newbytes = newlength * itemsize) / itemsize != newlength)
|
||||||
|
goto nomem;
|
||||||
|
PyMem_RESIZE(item, char, newbytes);
|
||||||
if (item == NULL) {
|
if (item == NULL) {
|
||||||
|
nomem:
|
||||||
PyErr_NoMemory();
|
PyErr_NoMemory();
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue