bpo-25943: Check for integer overflow in bsddb's DB_join(). (GH-8392)

commit: 041a4ee9456d716dd449d38a5328b82e76f5dbc4 [log] [tgz]
author: Zackery Spytz <zspytz@gmail.com> Sun Jul 22 10:53:56 2018 -0600
committer: Serhiy Storchaka <storchaka@gmail.com> Sun Jul 22 19:53:56 2018 +0300
tree: 0586a837e615190ecef32078862fa1c39b2b3ecb
parent: 32522050773c257a5c3c0c8929ba5c64123b53ed [diff] [blame]
diff --git a/Modules/_bsddb.c b/Modules/_bsddb.c
index a886794..6a1c188 100644
--- a/Modules/_bsddb.c
+++ b/Modules/_bsddb.c

@@ -2257,7 +2257,7 @@
 DB_join(DBObject* self, PyObject* args)
 {
     int err, flags=0;
-    int length, x;
+    Py_ssize_t length, x;
     PyObject* cursorsObj;
     DBC** cursors;
     DBC*  dbc;
@@ -2274,6 +2274,12 @@
     }
 
     length = PyObject_Length(cursorsObj);
+    if (length == -1) {
+        return NULL;
+    }
+    if (length >= PY_SSIZE_T_MAX / sizeof(DBC*)) {
+        return PyErr_NoMemory();
+    }
     cursors = malloc((length+1) * sizeof(DBC*));
     if (!cursors) {
         PyErr_NoMemory();
commit	041a4ee9456d716dd449d38a5328b82e76f5dbc4	[log] [tgz]
author	Zackery Spytz <zspytz@gmail.com>	Sun Jul 22 10:53:56 2018 -0600
committer	Serhiy Storchaka <storchaka@gmail.com>	Sun Jul 22 19:53:56 2018 +0300
tree	0586a837e615190ecef32078862fa1c39b2b3ecb
parent	32522050773c257a5c3c0c8929ba5c64123b53ed [diff] [blame]