diff --git a/Misc/NEWS b/Misc/NEWS index de0ec5defab..e091706aec2 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -64,6 +64,9 @@ Core and Builtins Library ------- +- Issue #14888: Fix misbehaviour of the _md5 module when called on data + larger than 2**32 bytes. + - Issue #14875: Use float('inf') instead of float('1e66666') in the json module. - Issue #14572: Prevent build failures with pre-3.5.0 versions of diff --git a/Modules/md5module.c b/Modules/md5module.c index 0683ef50ba5..3461623086c 100644 --- a/Modules/md5module.c +++ b/Modules/md5module.c @@ -262,6 +262,8 @@ MD5_new(PyObject *self, PyObject *args) { md5object *md5p; Py_buffer view = { 0 }; + Py_ssize_t n; + unsigned char *buf; if (!PyArg_ParseTuple(args, "|s*:new", &view)) return NULL; @@ -271,9 +273,18 @@ MD5_new(PyObject *self, PyObject *args) return NULL; } - if (view.len > 0) { - md5_append(&md5p->md5, (unsigned char*)view.buf, - Py_SAFE_DOWNCAST(view.len, Py_ssize_t, unsigned int)); + n = view.len; + buf = (unsigned char *) view.buf; + while (n > 0) { + Py_ssize_t nbytes; + if (n > INT_MAX) + nbytes = INT_MAX; + else + nbytes = n; + md5_append(&md5p->md5, buf, + Py_SAFE_DOWNCAST(nbytes, Py_ssize_t, unsigned int)); + buf += nbytes; + n -= nbytes; } PyBuffer_Release(&view);