Trent Mick:

gvanrossum · gvanrossum · commit c554505ca131 · 2000-05-08T14:29:38.000Z
Fix overflow bug in ldexp(x, exp). The 'exp' argument maps to a C int for the
math library call [double ldexp(double, int)], however the 'd'
PyArg_ParseTuple formatter was used to yield a double, which was subsequently
cast to an int. This could overflow.

[GvR: mysteriously, on Solaris 2.7, ldexp(1, 2147483647) returns Inf
while ldexp(1, 2147483646) raises OverflowError; this seems a bug in
the math library (it also takes a real long time to compute the
Inf outcome).  Does this point to a bug in the CHECK() macro?  It
should have discovered that the result was outside the HUGE_VAL range.]
diff --git a/Modules/mathmodule.c b/Modules/mathmodule.c
@@ -196,13 +196,13 @@ math_ldexp(self, args)
 	PyObject *self;
 	PyObject *args;
 {
-	double x, y;
-	/* Cheat -- allow float as second argument */
-        if (! PyArg_Parse(args, "(dd)", &x, &y))
+	double x;
+	int exp;
+	if (! PyArg_Parse(args, "(di)", &x, &exp))
 		return NULL;
 	errno = 0;
 	PyFPE_START_PROTECT("ldexp", return 0)
-	x = ldexp(x, (int)y);
+	x = ldexp(x, exp);
 	PyFPE_END_PROTECT(x)
 	CHECK(x);
 	if (errno != 0)
