Trent Mick: This patches fixes a possible overflow of the optional timeout parameter for the select() function (selectmodule.c). This timeout is passed in as a double and then truncated to an int. If the double is sufficiently large you can get unexpected results as it overflows. This patch raises an overflow if the given select timeout overflows. [GvR: To my embarrassment, the original code was assuming an int could always hold a million. Note that the overflow check doesn't test for a very large *negative* timeout passed in -- but who in the world would do such a thing?]

commit: 3262e1675335e00e0f437cce921a1b22a8a33b76 [log] [tgz]
author: Guido van Rossum <guido@python.org> Wed Jun 28 21:18:13 2000 +0000
committer: Guido van Rossum <guido@python.org> Wed Jun 28 21:18:13 2000 +0000
tree: 3f17d745d3e62934003e15c96bc742662a856a5b
parent: 106f2dae868770f6b6ed2c949dd5b4deb07b880b [diff] [blame]
diff --git a/Modules/selectmodule.c b/Modules/selectmodule.c
index fb46fc3..21eab47 100644
--- a/Modules/selectmodule.c
+++ b/Modules/selectmodule.c

@@ -238,7 +238,7 @@
 	fd_set ifdset, ofdset, efdset;
 	double timeout;
 	struct timeval tv, *tvp;
-	int seconds;
+	long seconds;
 	int imax, omax, emax, max;
 	int n;
 
@@ -255,10 +255,14 @@
 		return NULL;
 	}
 	else {
-		seconds = (int)timeout;
+		if (timeout > (double)LONG_MAX) {
+			PyErr_SetString(PyExc_OverflowError, "timeout period too long");
+			return NULL;
+		}
+		seconds = (long)timeout;
 		timeout = timeout - (double)seconds;
 		tv.tv_sec = seconds;
-		tv.tv_usec = (int)(timeout*1000000.0);
+		tv.tv_usec = (long)(timeout*1000000.0);
 		tvp = &tv;
 	}
commit	3262e1675335e00e0f437cce921a1b22a8a33b76	[log] [tgz]
author	Guido van Rossum <guido@python.org>	Wed Jun 28 21:18:13 2000 +0000
committer	Guido van Rossum <guido@python.org>	Wed Jun 28 21:18:13 2000 +0000
tree	3f17d745d3e62934003e15c96bc742662a856a5b
parent	106f2dae868770f6b6ed2c949dd5b4deb07b880b [diff] [blame]