bpo-36946: Fix possible signed integer overflow when handling slices. (GH-13375) The final addition (cur += step) may overflow, so use size_t for "cur". "cur" is always positive (even for negative steps), so it is safe to use size_t here. Co-Authored-By: Martin Panter <vadmium+py@gmail.com>

commit: 14514d9084a40f599c57da853a305aa264562a43 [log] [tgz]
author: Zackery Spytz <zspytz@gmail.com> Fri May 17 01:13:03 2019 -0600
committer: Serhiy Storchaka <storchaka@gmail.com> Fri May 17 10:13:03 2019 +0300
tree: 36cb61b74dbfda9ce1cdf72a864b640d0bda546d
parent: 870b035bc6da96689b59dd6f79782ec6f1873617 [diff] [blame]
diff --git a/Objects/bytearrayobject.c b/Objects/bytearrayobject.c
index eaf5dce..8d5ba54 100644
--- a/Objects/bytearrayobject.c
+++ b/Objects/bytearrayobject.c

@@ -410,7 +410,8 @@
         return PyLong_FromLong((unsigned char)(PyByteArray_AS_STRING(self)[i]));
     }
     else if (PySlice_Check(index)) {
-        Py_ssize_t start, stop, step, slicelength, cur, i;
+        Py_ssize_t start, stop, step, slicelength, i;
+        size_t cur;
         if (PySlice_Unpack(index, &start, &stop, &step) < 0) {
             return NULL;
         }
commit	14514d9084a40f599c57da853a305aa264562a43	[log] [tgz]
author	Zackery Spytz <zspytz@gmail.com>	Fri May 17 01:13:03 2019 -0600
committer	Serhiy Storchaka <storchaka@gmail.com>	Fri May 17 10:13:03 2019 +0300
tree	36cb61b74dbfda9ce1cdf72a864b640d0bda546d
parent	870b035bc6da96689b59dd6f79782ec6f1873617 [diff] [blame]