Issue #18427: str.replace could crash the interpreter with huge strings. This fixes two places where 'int' was used to represent the size of strings, instead of 'Py_ssize_t'. (The issue is not present in the corresponding code in the 3.x branches) Fixes #18427

commit: 3687e8055cf740384516c596890e864ead081eba [log] [tgz]
author: Ronald Oussoren <ronaldoussoren@mac.com> Thu Jul 11 13:33:55 2013 +0200
committer: Ronald Oussoren <ronaldoussoren@mac.com> Thu Jul 11 13:33:55 2013 +0200
tree: aab19a3cd7c3e824d1d3dd430577418788594441
parent: f7c8584545be5b0ecbd904a4cd1889b0fb0edfb1 [diff] [blame]
diff --git a/Objects/stringobject.c b/Objects/stringobject.c
index 1209197..b80ef87 100644
--- a/Objects/stringobject.c
+++ b/Objects/stringobject.c

@@ -882,9 +882,9 @@
             size -= chunk_size;
         }
 #ifdef __VMS
-        if (size) fwrite(data, (int)size, 1, fp);
+        if (size) fwrite(data, (size_t)size, 1, fp);
 #else
-        fwrite(data, 1, (int)size, fp);
+        fwrite(data, 1, (size_t)size, fp);
 #endif
         Py_END_ALLOW_THREADS
         return 0;
@@ -2332,7 +2332,7 @@
 }
 
 Py_LOCAL_INLINE(Py_ssize_t)
-countchar(const char *target, int target_len, char c, Py_ssize_t maxcount)
+countchar(const char *target, Py_ssize_t target_len, char c, Py_ssize_t maxcount)
 {
     Py_ssize_t count=0;
     const char *start=target;
commit	3687e8055cf740384516c596890e864ead081eba	[log] [tgz]
author	Ronald Oussoren <ronaldoussoren@mac.com>	Thu Jul 11 13:33:55 2013 +0200
committer	Ronald Oussoren <ronaldoussoren@mac.com>	Thu Jul 11 13:33:55 2013 +0200
tree	aab19a3cd7c3e824d1d3dd430577418788594441
parent	f7c8584545be5b0ecbd904a4cd1889b0fb0edfb1 [diff] [blame]