[issue18295] Possible integer overflow in PyCode_New()

Serhiy Storchaka report at bugs.python.org
Thu Feb 12 21:32:02 CET 2015


Serhiy Storchaka added the comment:

Many of these overflows can be provoked by a specially constructed function, code object or bytecode.

Also, I think the following examples crash or return a wrong result on a 64-bit platform:

def f(*args, **kwargs): return len(args), len(kwargs)

f(*([0]*(2**32+1)))
f(**dict.fromkeys(map(hex, range(2**31+1))))

Here is an updated patch which handles overflows in a non-debug build. It prevents creating a Python function with more than 255 default values (in any case, the compiler and interpreter don't support more than 255 arguments) and raises an exception when a function is called with too many arguments or too large *args or **kwargs.

----------
stage:  -> patch review
type:  -> crash
Added file: http://bugs.python.org/file38116/code_ssize_t_2.patch.patch

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue18295>
_______________________________________
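
Added example, not part of the original message or the attached patch: a C sketch of the failure class discussed above, assuming a 64-bit length is narrowed to a 32-bit count without a range check. The function names and MAX_DEFAULTS are hypothetical; the two sizes and the 255 limit are the ones quoted in the message.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical constant: the 255-default limit mentioned in the message. */
#define MAX_DEFAULTS 255

/* Unchecked narrowing: keep only the low 32 bits of a 64-bit length and
 * reinterpret them as a signed 32-bit count (done arithmetically so the
 * result is well defined on every compiler). */
static int32_t narrow_unchecked(int64_t n)
{
    uint32_t low = (uint32_t)n;
    if (low > (uint32_t)INT32_MAX)
        return (int32_t)((int64_t)low - 4294967296LL);
    return (int32_t)low;
}

/* Checked narrowing: reject negative or over-limit lengths instead of
 * truncating. Returns 0 and stores the count on success, -1 on rejection
 * (where an interpreter would raise an exception). */
static int narrow_checked(int64_t n, int64_t limit, int32_t *out)
{
    if (n < 0 || n > limit || n > INT32_MAX)
        return -1;
    *out = (int32_t)n;
    return 0;
}

int main(void)
{
    /* Lengths from the message: 2**32+1 positional, 2**31+1 keyword. */
    const int64_t sizes[] = { 4294967297LL, 2147483649LL, 255, 256 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        int32_t count = 0;
        int rc = narrow_checked(sizes[i], MAX_DEFAULTS, &count);
        printf("len=%lld unchecked=%d checked=%s\n",
               (long long)sizes[i], (int)narrow_unchecked(sizes[i]),
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

With the unchecked form, a length of 2**32+1 is seen as 1 and 2**31+1 as a negative count, which is why a silent wrong result or a crash is possible without the range check.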

