Merged revisions 76629 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk
........
r76629 | mark.dickinson | 2009-12-02 17:33:41 +0000 (Wed, 02 Dec 2009) | 3 lines
Issue #7406: Fix some occurrences of potential signed overflow in int
arithmetic.
........
diff --git a/Objects/intobject.c b/Objects/intobject.c
index e73c921..ebe029e 100644
--- a/Objects/intobject.c
+++ b/Objects/intobject.c
@@ -465,7 +465,8 @@
register long a, b, x;
CONVERT_TO_LONG(v, a);
CONVERT_TO_LONG(w, b);
- x = a + b;
+ /* casts in the line below avoid undefined behaviour on overflow */
+ x = (long)((unsigned long)a + b);
if ((x^a) >= 0 || (x^b) >= 0)
return PyInt_FromLong(x);
return PyLong_Type.tp_as_number->nb_add((PyObject *)v, (PyObject *)w);
@@ -477,7 +478,8 @@
register long a, b, x;
CONVERT_TO_LONG(v, a);
CONVERT_TO_LONG(w, b);
- x = a - b;
+ /* casts in the line below avoid undefined behaviour on overflow */
+ x = (long)((unsigned long)a - b);
if ((x^a) >= 0 || (x^~b) >= 0)
return PyInt_FromLong(x);
return PyLong_Type.tp_as_number->nb_subtract((PyObject *)v,
@@ -520,7 +522,8 @@
CONVERT_TO_LONG(v, a);
CONVERT_TO_LONG(w, b);
- longprod = a * b;
+ /* casts in the next line avoid undefined behaviour on overflow */
+ longprod = (long)((unsigned long)a * b);
doubleprod = (double)a * (double)b;
doubled_longprod = (double)longprod;