Alexander Belopolsky <[EMAIL PROTECTED]> added the comment:

On Sun, Apr 13, 2008 at 11:12 PM, Gregory P. Smith <[EMAIL PROTECTED]> wrote:
..
> Here's a patch that fixes this by making both Python's malloc and
> realloc return NULL if (0 <= size <= PY_SSIZE_T_MAX).
>

This will not solve the original problem completely: multiplicative overflow may produce size in the 0 to PY_SSIZE_T_MAX range. Furthermore, malloc and realloc take unsigned arguments and I believe there are cases when they are called with unsigned arguments in python code. Using the proposed macro definitions in these cases will lead to compiler warnings.

I don't object to limiting the allowed malloc/realloc size, but the check should be expressed as unsigned comparison: (size_t)(n) > (size_t)PY_SSIZE_T_MAX and multiplications by n > 2 should still be checked for overflow before the result can be used for malloc.

__________________________________
Tracker <[EMAIL PROTECTED]>
<http://bugs.python.org/issue2620>
__________________________________
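
The two checks the message asks for, as an added C example that is not code from the patch under discussion: a size limit written as an unsigned comparison, and an overflow test made before the multiplication. `EX_SSIZE_MAX` stands in for `PY_SSIZE_T_MAX`, and the `ex_*` helpers and the sample count are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for PY_SSIZE_T_MAX so the example builds without Python.h. */
#define EX_SSIZE_MAX ((size_t)-1 >> 1)

/* Size limit as an unsigned comparison: a negative signed value converted
 * to size_t becomes larger than EX_SSIZE_MAX and is rejected as well. */
static int ex_size_ok(size_t n)
{
    return n <= EX_SSIZE_MAX;
}

/* Size limit only (hypothetical helper): the product is checked after it
 * has already wrapped, so a small wrapped value passes the limit. */
static void *ex_alloc_limit_only(size_t count, size_t elem)
{
    size_t nbytes = count * elem;      /* may wrap modulo SIZE_MAX + 1 */
    return ex_size_ok(nbytes) ? malloc(nbytes ? nbytes : 1) : NULL;
}

/* Overflow test before the multiplication, which also enforces the limit. */
static void *ex_alloc_checked(size_t count, size_t elem)
{
    if (elem != 0 && count > EX_SSIZE_MAX / elem)
        return NULL;                   /* product would exceed the limit */
    size_t nbytes = count * elem;
    return malloc(nbytes ? nbytes : 1);
}

/* Constructed input: this count times 4 wraps around to 16 bytes. */
static size_t ex_wrapping_count(void)
{
    return (size_t)-1 / 4 + 5;
}

int main(void)
{
    size_t count = ex_wrapping_count();
    void *p = ex_alloc_limit_only(count, 4);
    void *q = ex_alloc_checked(count, 4);
    printf("wrapped size: %zu bytes\n", count * 4);
    printf("limit only: %s\n", p ? "allocated (undersized)" : "refused");
    printf("checked multiply: %s\n", q ? "allocated" : "refused");
    free(p);
    free(q);
    return 0;
}
```
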