mirror of https://github.com/python/cpython
Carefully check for overflow when allocating the memory for fromfile
-- someone tried to pass in sys.maxint and got bitten by the bogus calculations.
This commit is contained in:
parent
24f8579ee4
commit
3791b0de36
|
@ -935,8 +935,15 @@ array_fromfile(self, args)
|
|||
char *item = self->ob_item;
|
||||
int itemsize = self->ob_descr->itemsize;
|
||||
int nread;
|
||||
PyMem_RESIZE(item, char, (self->ob_size + n) * itemsize);
|
||||
int newlength;
|
||||
size_t newbytes;
|
||||
/* Be careful here about overflow */
|
||||
if ((newlength = self->ob_size + n) <= 0 ||
|
||||
(newbytes = newlength * itemsize) / itemsize != newlength)
|
||||
goto nomem;
|
||||
PyMem_RESIZE(item, char, newbytes);
|
||||
if (item == NULL) {
|
||||
nomem:
|
||||
PyErr_NoMemory();
|
||||
return NULL;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue