[Python-checkins] cpython (2.7): avoid overflow with large buffer sizes and/or offsets (closes #21831)
benjamin.peterson
python-checkins at python.org
Tue Jun 24 05:13:55 CEST 2014
http://hg.python.org/cpython/rev/8d963c7db507
changeset: 91351:8d963c7db507
branch: 2.7
user: Benjamin Peterson <benjamin at python.org>
date: Mon Jun 23 20:12:27 2014 -0700
summary:
avoid overflow with large buffer sizes and/or offsets (closes #21831)
files:
Lib/test/test_buffer.py | 6 ++++++
Misc/NEWS | 3 +++
Objects/bufferobject.c | 4 ++--
3 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/Lib/test/test_buffer.py b/Lib/test/test_buffer.py
--- a/Lib/test/test_buffer.py
+++ b/Lib/test/test_buffer.py
@@ -4,6 +4,7 @@
"""
+import sys
import unittest
from test import test_support
@@ -29,6 +30,11 @@
m = memoryview(b) # Should not raise an exception
self.assertEqual(m.tobytes(), s)
+ def test_large_buffer_size_and_offset(self):
+ data = bytearray('hola mundo')
+ buf = buffer(data, sys.maxsize, sys.maxsize)
+ self.assertEqual(buf[:4096], "")
+
def test_main():
with test_support.check_py3k_warnings(("buffer.. not supported",
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -10,6 +10,9 @@
Core and Builtins
-----------------
+- Issue #21831: Avoid integer overflow when large sizes and offsets are given to
+ the buffer type.
+
- Issue #1856: Avoid crashes and lockups when daemon threads run while the
interpreter is shutting down; instead, these threads are now killed when they
try to take the GIL.
diff --git a/Objects/bufferobject.c b/Objects/bufferobject.c
--- a/Objects/bufferobject.c
+++ b/Objects/bufferobject.c
@@ -88,7 +88,7 @@
*size = count;
else
*size = self->b_size;
- if (offset + *size > count)
+ if (*size > count - offset)
*size = count - offset;
}
return 1;
@@ -875,4 +875,4 @@
0, /* tp_init */
0, /* tp_alloc */
buffer_new, /* tp_new */
-};
\ No newline at end of file
+};
--
Repository URL: http://hg.python.org/cpython
More information about the Python-checkins
mailing list