Victor Stinner avatar Victor Stinner committed ab500b2

Issue #14716: Change integer overflow check in unicode_writer_prepare()
to compute the limit at compile time instead of runtime. Patch writen by Serhiy
Storchaka.

Comments (0)

Files changed (1)

Objects/unicodeobject.c

     newlen = writer->pos + length;
 
     if (newlen > PyUnicode_GET_LENGTH(writer->buffer)) {
-        /* overallocate 25% to limit the number of resize */
-        if (newlen <= (PY_SSIZE_T_MAX - newlen / 4))
+        /* Overallocate 25% to limit the number of resize.
+           Check for integer overflow:
+           (newlen + newlen / 4) <= PY_SSIZE_T_MAX */
+        if (newlen <= (PY_SSIZE_T_MAX - PY_SSIZE_T_MAX / 5))
             newlen += newlen / 4;
 
         if (maxchar > writer->maxchar) {
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.