Tomas Hoger <tho...@redhat.com> added the comment: > Do you have any Python examples that failed to trigger the overflow > on your platform?
No, I've not really tried to create some, as I found it while looking into similar checks added to rgbimg module (which is dead and removed upstream now) in the same commit r64114. Having another close look, I can reproduce crash with lin2lin: audioop.lin2lin("A"*0x40000001, 1, 4) ratecv may cause issues too. Other cases use for loop with multiplication product as an upper bound, so the integer overflow should be harmless in those case. > is there something about the formats that audioop is dealing > with that limits sizes to INT_MAX (rather than PY_SSIZE_T_MAX, > for example)? I've started looking into this on oldish python 2.4, where PyString_FromStringAndSize accepts int size, rather than Py_ssize_t. Rest of the audioop code was using ints too. It's possible it is ok to more to size_t in current python version. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue8674> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com