bpo-36946: Fix possible signed integer overflow when handling slices. (GH-13375) The final addition (cur += step) may overflow, so use size_t for "cur". "cur" is always positive (even for negative steps), so it is safe to use size_t here. Co-Authored-By: Martin Panter <vadmium+py@gmail.com>

commit: 14514d9084a40f599c57da853a305aa264562a43 [log] [tgz]
author: Zackery Spytz <zspytz@gmail.com> Fri May 17 01:13:03 2019 -0600
committer: Serhiy Storchaka <storchaka@gmail.com> Fri May 17 10:13:03 2019 +0300
tree: 36cb61b74dbfda9ce1cdf72a864b640d0bda546d
parent: 870b035bc6da96689b59dd6f79782ec6f1873617 [diff] [blame]
diff --git a/Objects/bytesobject.c b/Objects/bytesobject.c
index b7c5b75..ebbdb7c 100644
--- a/Objects/bytesobject.c
+++ b/Objects/bytesobject.c

@@ -1677,7 +1677,8 @@
         return PyLong_FromLong((unsigned char)self->ob_sval[i]);
     }
     else if (PySlice_Check(item)) {
-        Py_ssize_t start, stop, step, slicelength, cur, i;
+        Py_ssize_t start, stop, step, slicelength, i;
+        size_t cur;
         char* source_buf;
         char* result_buf;
         PyObject* result;
commit	14514d9084a40f599c57da853a305aa264562a43	[log] [tgz]
author	Zackery Spytz <zspytz@gmail.com>	Fri May 17 01:13:03 2019 -0600
committer	Serhiy Storchaka <storchaka@gmail.com>	Fri May 17 10:13:03 2019 +0300
tree	36cb61b74dbfda9ce1cdf72a864b640d0bda546d
parent	870b035bc6da96689b59dd6f79782ec6f1873617 [diff] [blame]