Security patches from Apple: prevent int overflow when allocating memory

commit: 4f3be8a0a908784f4ab5fec66439643f2c1d79eb [log] [tgz]
author: Neal Norwitz <nnorwitz@gmail.com> Thu Jul 31 17:08:14 2008 +0000
committer: Neal Norwitz <nnorwitz@gmail.com> Thu Jul 31 17:08:14 2008 +0000
tree: 0d7f0d95099fd0b5e93e2f994a3fc0db6b682b29
parent: 83ac0144fa3041556aa4f3952ebd979e0189a19c [diff] [blame]
diff --git a/Objects/bufferobject.c b/Objects/bufferobject.c
index 88c0e41..e1ed764 100644
--- a/Objects/bufferobject.c
+++ b/Objects/bufferobject.c

@@ -427,6 +427,10 @@
 		count = 0;
 	if (!get_buf(self, &ptr, &size, ANY_BUFFER))
 		return NULL;
+	if (count > PY_SSIZE_T_MAX / size) {
+		PyErr_SetString(PyExc_MemoryError, "result too large");
+		return NULL;
+	}
 	ob = PyString_FromStringAndSize(NULL, size * count);
 	if ( ob == NULL )
 		return NULL;
commit	4f3be8a0a908784f4ab5fec66439643f2c1d79eb	[log] [tgz]
author	Neal Norwitz <nnorwitz@gmail.com>	Thu Jul 31 17:08:14 2008 +0000
committer	Neal Norwitz <nnorwitz@gmail.com>	Thu Jul 31 17:08:14 2008 +0000
tree	0d7f0d95099fd0b5e93e2f994a3fc0db6b682b29
parent	83ac0144fa3041556aa4f3952ebd979e0189a19c [diff] [blame]