From a5c0e6d6c8e3513017009796ff34bb9c14512559 Mon Sep 17 00:00:00 2001
From: Guido van Rossum
Date: Fri, 11 Oct 2002 21:05:56 +0000
Subject: [PATCH] Add checks for size overflow on list*n, list+list, tuple+tuple. Will backport.
---
 Objects/listobject.c | 4 ++++
 Objects/tupleobject.c | 2 ++
 2 files changed, 6 insertions(+)
diff --git a/Objects/listobject.c b/Objects/listobject.c
index 64de38bcb32..2cb08d31665 100644
--- a/Objects/listobject.c
+++ b/Objects/listobject.c
@@ -391,6 +391,8 @@ list_concat(PyListObject *a, PyObject *bb)
 }
 #define b ((PyListObject *)bb)
 size = a->ob_size + b->ob_size;
+ if (size < 0)
+ return PyErr_NoMemory();
 np = (PyListObject *) PyList_New(size);
 if (np == NULL) {
 return NULL;
@@ -419,6 +421,8 @@ list_repeat(PyListObject *a, int n)
 if (n < 0)
 n = 0;
 size = a->ob_size * n;
+ if (size/a->ob_size != n)
+ return PyErr_NoMemory();
 np = (PyListObject *) PyList_New(size);
 if (np == NULL)
 return NULL;
diff --git a/Objects/tupleobject.c b/Objects/tupleobject.c
index 6c2162aa691..3a8f072a263 100644
--- a/Objects/tupleobject.c
+++ b/Objects/tupleobject.c
@@ -330,6 +330,8 @@ tupleconcat(register PyTupleObject *a, register PyObject *bb)
 }
 #define b ((PyTupleObject *)bb)
 size = a->ob_size + b->ob_size;
+ if (size < 0)
+ return PyErr_NoMemory();
 np = (PyTupleObject *) PyTuple_New(size);
 if (np == NULL) {
 return NULL;
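Review bot: The `size < 0` test in list_concat runs only after the signed addition has already overflowed, which is undefined behaviour in C, so the guard is not guaranteed to fire under an optimising compiler. Checking before the addition avoids relying on wraparound: `if (a->ob_size > INT_MAX - b->ob_size) return PyErr_NoMemory();` (this assumes `size` and `ob_size` are plain `int`; their declarations are outside the hunk). The same post-hoc check is added to tupleconcat in Objects/tupleobject.c and wants the same change. Both function bodies start and end outside their hunks.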
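Review bot: The added check `size/a->ob_size != n` in list_repeat divides by `a->ob_size`, which is zero for an empty list, so repeating an empty list hits a division by zero instead of returning an empty result. It also inspects the product only after the signed multiplication may have overflowed, which is undefined behaviour. A test placed above `size = a->ob_size * n;` covers both cases: `if (n && a->ob_size > INT_MAX / n) return PyErr_NoMemory();` (n is already clamped to be non-negative by the preceding lines; the `int` width of `ob_size` is assumed, since its declaration is outside the hunk). list_repeat's body continues outside the hunk.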