traverseda
/
cpython
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

bpo-25943: Check for integer overflow in bsddb's DB_join(). (GH-8392)

This commit is contained in:
Zackery Spytz 2018-07-22 10:53:56 -06:00 committed by Serhiy Storchaka
parent 3252205077
commit 041a4ee945
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Modules/_bsddb.c
View File

@ -2257,7 +2257,7 @@ static PyObject*
DB_join(DBObject* self, PyObject* args) DB_join(DBObject* self, PyObject* args)
{ {
int err, flags=0; int err, flags=0;
int length, x; Py_ssize_t length, x;
PyObject* cursorsObj; PyObject* cursorsObj;
DBC** cursors; DBC** cursors;
DBC* dbc; DBC* dbc;
@ -2274,6 +2274,12 @@ DB_join(DBObject* self, PyObject* args)
} }
length = PyObject_Length(cursorsObj); length = PyObject_Length(cursorsObj);
if (length == -1) {
return NULL;
}
if (length >= PY_SSIZE_T_MAX / sizeof(DBC*)) {
return PyErr_NoMemory();
}
cursors = malloc((length+1) * sizeof(DBC*)); cursors = malloc((length+1) * sizeof(DBC*));
if (!cursors) { if (!cursors) {
PyErr_NoMemory(); PyErr_NoMemory();