Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 623fdb9

Browse files
tim-onetim-one
committed
PyNode_AddChild() and fancy_roundup(): Be paranoid about int overflow.
1 parent cccd1e7 commit 623fdb9

1 file changed

Lines changed: 7 additions & 2 deletions

File tree

Parser/node.c

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,15 +18,18 @@ PyNode_New(int type)
1818
return n;
1919
}
2020

21-
/* See comments at XXXROUNDUP below. */
21+
/* See comments at XXXROUNDUP below. Returns -1 on overflow. */
2222
static int
2323
fancy_roundup(int n)
2424
{
2525
/* Round up to the closest power of 2 >= n. */
2626
int result = 256;
2727
assert(n > 128);
28-
while (result < n)
28+
while (result < n) {
2929
result <<= 1;
30+
if (result <= 0)
31+
return -1;
32+
}
3033
return result;
3134
}
3235

@@ -62,6 +65,8 @@ PyNode_AddChild(register node *n1, int type, char *str, int lineno)
6265

6366
current_capacity = XXXROUNDUP(nch);
6467
required_capacity = XXXROUNDUP(nch + 1);
68+
if (current_capacity < 0 || required_capacity < 0)
69+
return E_OVERFLOW;
6570
if (current_capacity < required_capacity) {
6671
n = n1->n_child;
6772
PyMem_RESIZE(n, node, required_capacity);

0 commit comments

Comments
 (0)