diff --git a/Lib/test/test_itertools.py b/Lib/test/test_itertools.py index 5cb0b0802d4..52a41b5b8ad 100644 --- a/Lib/test/test_itertools.py +++ b/Lib/test/test_itertools.py @@ -264,6 +264,11 @@ class TestBasicOps(unittest.TestCase): for proto in range(pickle.HIGHEST_PROTOCOL + 1): self.pickletest(proto, combinations(values, r)) # test pickling + @support.bigaddrspacetest + def test_combinations_overflow(self): + with self.assertRaises(OverflowError): + combinations("AA", 2**29) + # Test implementation detail: tuple re-use @support.impl_detail("tuple reuse is specific to CPython") def test_combinations_tuple_reuse(self): diff --git a/Misc/NEWS b/Misc/NEWS index 40c0f015c39..27c0f02bc76 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -229,6 +229,8 @@ Library - Issue #23326: Removed __ne__ implementations. Since fixing default __ne__ implementation in issue #21408 they are redundant. +- Issue #23366: Fixed possible integer overflow in itertools.combinations. + - Issue #23369: Fixed possible integer overflow in _json.encode_basestring_ascii. diff --git a/Modules/itertoolsmodule.c b/Modules/itertoolsmodule.c index ae5b166561d..b631c352bed 100644 --- a/Modules/itertoolsmodule.c +++ b/Modules/itertoolsmodule.c @@ -2359,6 +2359,10 @@ combinations_new(PyTypeObject *type, PyObject *args, PyObject *kwds) goto error; } + if (r > PY_SSIZE_T_MAX/sizeof(Py_ssize_t)) { + PyErr_SetString(PyExc_OverflowError, "r is too big"); + goto error; + } indices = PyMem_Malloc(r * sizeof(Py_ssize_t)); if (indices == NULL) { PyErr_NoMemory();