New submission from Clement Rouault:
I found an interger overflow in the standard iterator object
(Objects/iterobject.c)
The `it_index` attribute used by the iterator is a `Py_ssize_t` but overflow is
never checked. So after the index `PY_SSIZE_T_MAX`, the iterator object will
ask for the index `PY_SSIZE_T_MIN`.
Here is an example:
import sys
class Seq:
def __getitem__(self, item):
print("[-] Asked for item at <{0}>".format(item))
return 0
s = Seq()
i = iter(s)
# Manually set `it_index` to PY_SSIZE_T_MAX without a loop
i.__setstate__(sys.maxsize)
next(i)
[-] Asked for item at <9223372036854775807>
next(i)
[-] Asked for item at <-9223372036854775808>
I would be really interested in writing a patch but first I wanted to discuss
the expected behaviour and fix.
The iterator could stop after `PY_SSIZE_T_MAX` but it seems strange as other
iterator (like `enumobject`) handle values bigger than `PY_SSIZE_T_MAX`.
Or the same technique used in `enumobject` could be used: adding a field
`PyObject* en_longindex` (a python long) which would be used for values bigger
than `PY_SSIZE_T_MAX`
----------
components: Interpreter Core
messages: 231651
nosy: hakril
priority: normal
severity: normal
status: open
title: integer overflow in iterator object
type: behavior
versions: Python 3.5
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue22939>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
