[Python-checkins] gh-91421: Use constant value check during runtime (GH-91422) (GH-91493)

JelleZijlstra webhook-mailer at python.org
Wed Apr 13 21:38:59 EDT 2022 

https://github.com/python/cpython/commit/edf1a77f239069235f59103cfd8ce7f939c7fd10
commit: edf1a77f239069235f59103cfd8ce7f939c7fd10
branch: 3.9
author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com>
committer: JelleZijlstra <jelle.zijlstra at gmail.com>
date: 2022-04-13T18:38:55-07:00
summary:

gh-91421: Use constant value check during runtime (GH-91422) (GH-91493)

The left-hand side expression of the if-check can be converted to a
constant by the compiler, but the addition on the right-hand side is
performed during runtime.

Move the addition from the right-hand side to the left-hand side by
turning it into a subtraction there. Since the values are known to
be large enough to not turn negative, this is a safe operation.

Prevents a very unlikely integer overflow on 32 bit systems.

Fixes GH-91421.
(cherry picked from commit 0859368335d470b9ff33fc53ed9a85ec2654b278)

Co-authored-by: Tobias Stoeckmann <stoeckmann at users.noreply.github.com>

files:
A Misc/NEWS.d/next/Core and Builtins/2022-04-10-22-57-27.gh-issue-91421.dHhv6U.rst
M Objects/unicodeobject.c

diff --git a/Misc/NEWS.d/next/Core and Builtins/2022-04-10-22-57-27.gh-issue-91421.dHhv6U.rst b/Misc/NEWS.d/next/Core and Builtins/2022-04-10-22-57-27.gh-issue-91421.dHhv6U.rst
new file mode 100644
index 0000000000000..898eb0df18d01
--- /dev/null
+++ b/Misc/NEWS.d/next/Core and Builtins/2022-04-10-22-57-27.gh-issue-91421.dHhv6U.rst	
@@ -0,0 +1 @@
+Fix a potential integer overflow in _Py_DecodeUTF8Ex.
diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
index 7767d140e6c39..369f91342e3ac 100644
--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c
@@ -5219,7 +5219,7 @@ _Py_DecodeUTF8Ex(const char *s, Py_ssize_t size, wchar_t **wstr, size_t *wlen,
 
     /* Note: size will always be longer than the resulting Unicode
        character count */
-    if (PY_SSIZE_T_MAX / (Py_ssize_t)sizeof(wchar_t) < (size + 1)) {
+    if (PY_SSIZE_T_MAX / (Py_ssize_t)sizeof(wchar_t) - 1 < size) {
         return -1;
     }

More information about the Python-checkins mailing list