From 041a4ee9456d716dd449d38a5328b82e76f5dbc4 Mon Sep 17 00:00:00 2001
From: Zackery Spytz <zspytz@gmail.com>
Date: Sun, 22 Jul 2018 10:53:56 -0600
Subject: [PATCH] bpo-25943: Check for integer overflow in bsddb's DB_join().
 (GH-8392)

---
 Modules/_bsddb.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/Modules/_bsddb.c b/Modules/_bsddb.c
index a8867942b1f..6a1c188cbd9 100644
--- a/Modules/_bsddb.c
+++ b/Modules/_bsddb.c
@@ -2257,7 +2257,7 @@ static PyObject*
 DB_join(DBObject* self, PyObject* args)
 {
     int err, flags=0;
-    int length, x;
+    Py_ssize_t length, x;
     PyObject* cursorsObj;
     DBC** cursors;
     DBC*  dbc;
@@ -2274,6 +2274,12 @@ DB_join(DBObject* self, PyObject* args)
     }
 
     length = PyObject_Length(cursorsObj);
+    if (length == -1) {
+        return NULL;
+    }
+    if (length >= PY_SSIZE_T_MAX / sizeof(DBC*)) {
+        return PyErr_NoMemory();
+    }
     cursors = malloc((length+1) * sizeof(DBC*));
     if (!cursors) {
         PyErr_NoMemory();