[Python-Dev] Memory size overflows

[Guido van Rossum]

> if we know we're not interested in anything other than 32-bit products,
> 
>     double _prod = (double)src1 * (double)src2;
>     if (_prod < 4294967296.0) /* 2**32 */
>         result = (size_t)_prod;
>     else
>         overflow;
> 
> does the trick reliably on all platforms I know of -- although not
> all Python platforms support floating-point efficiently!

I like this one, as well as the one using 64-bit precision.  I wonder
if we could collect a bunch of different macros and make them tunable
for different platforms?  (Including a "don't check for overflow"
version for people who wanna play fast and loose. :-)  The trick will
to ensure that the macro arguments are used exactly once in all
versions (otherwise switching macros might unveal a new class of
bugs).

Apart from *how* to check, there's a variety of cases depending on the
types of the input and output variables.

There's the ob_size calculation for sequence repeat, which takes a C
int and a C long and should return something that fits in a C int; and
there's the malloc size calculation for various ones, which should
take an int and a (small constant) size_t and return a size_t.

So maybe we need two macros: one for int*long->int, and one for
int*size_t->size_t?  With several different implementations, chosen by
configure.

But first we'd have to see of there are enough places to benefit from
such elaborate machinery.

There are also additions, usually of small constants, which generally
operate on the size_t.  These are easier to test: if you add a small
positive constant to a size_t, and the result is smaller than the
original size_t, an overflow occurred.  Similar for plain ints.  So
I'm not sure we need much help with these.

--Guido van Rossum (home page: http://www.python.org/~guido/)