traverseda
/
cpython
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

bpo-35091: Objects/listobject.c: Replace overflow checks in gallop fu… (GH-10202) 

…nctions with asserts

The actual overflow can never happen because of the following:
* The size of a list can't be greater than PY_SSIZE_T_MAX / sizeof(PyObject*).
* The size of a pointer on all supported plaftorms is at least 4 bytes.
* ofs is positive and less than the list size at the beginning of each iteration.





https://bugs.python.org/issue35091
This commit is contained in:
Alexey Izbyshev 2019-05-23 03:01:08 +03:00 committed by Miss Islington (bot)
parent df22c03b93
commit 6bc5917903
1 changed files with 4 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Objects/listobject.c
View File

@ -1380,9 +1380,8 @@ gallop_left(MergeState *ms, PyObject *key, PyObject **a, Py_ssize_t n, Py_ssize_
while (ofs < maxofs) { while (ofs < maxofs) {
IFLT(a[ofs], key) { IFLT(a[ofs], key) {
lastofs = ofs; lastofs = ofs;
assert(ofs <= (PY_SSIZE_T_MAX - 1) / 2);
ofs = (ofs << 1) + 1; ofs = (ofs << 1) + 1;
if (ofs <= 0) /* int overflow */
ofs = maxofs;
} }
else /* key <= a[hint + ofs] */ else /* key <= a[hint + ofs] */
break; break;
@ -1403,9 +1402,8 @@ gallop_left(MergeState *ms, PyObject *key, PyObject **a, Py_ssize_t n, Py_ssize_
break; break;
/* key <= a[hint - ofs] */ /* key <= a[hint - ofs] */
lastofs = ofs; lastofs = ofs;
assert(ofs <= (PY_SSIZE_T_MAX - 1) / 2);
ofs = (ofs << 1) + 1; ofs = (ofs << 1) + 1;
if (ofs <= 0) /* int overflow */
ofs = maxofs;
} }
if (ofs > maxofs) if (ofs > maxofs)
ofs = maxofs; ofs = maxofs;
@ -1471,9 +1469,8 @@ gallop_right(MergeState *ms, PyObject *key, PyObject **a, Py_ssize_t n, Py_ssize
while (ofs < maxofs) { while (ofs < maxofs) {
IFLT(key, *(a-ofs)) { IFLT(key, *(a-ofs)) {
lastofs = ofs; lastofs = ofs;
assert(ofs <= (PY_SSIZE_T_MAX - 1) / 2);
ofs = (ofs << 1) + 1; ofs = (ofs << 1) + 1;
if (ofs <= 0) /* int overflow */
ofs = maxofs;
} }
else /* a[hint - ofs] <= key */ else /* a[hint - ofs] <= key */
break; break;
@ -1495,9 +1492,8 @@ gallop_right(MergeState *ms, PyObject *key, PyObject **a, Py_ssize_t n, Py_ssize
break; break;
/* a[hint + ofs] <= key */ /* a[hint + ofs] <= key */
lastofs = ofs; lastofs = ofs;
assert(ofs <= (PY_SSIZE_T_MAX - 1) / 2);
ofs = (ofs << 1) + 1; ofs = (ofs << 1) + 1;
if (ofs <= 0) /* int overflow */
ofs = maxofs;
} }
if (ofs > maxofs) if (ofs > maxofs)
ofs = maxofs; ofs = maxofs;