bpo-36946: Fix possible signed integer overflow when handling slices. (GH-13375) The final addition (cur += step) may overflow, so use size_t for "cur". "cur" is always positive (even for negative steps), so it is safe to use size_t here. Co-Authored-By: Martin Panter <vadmium+py@gmail.com>

commit: 14514d9084a40f599c57da853a305aa264562a43 [log] [tgz]
author: Zackery Spytz <zspytz@gmail.com> Fri May 17 01:13:03 2019 -0600
committer: Serhiy Storchaka <storchaka@gmail.com> Fri May 17 10:13:03 2019 +0300
tree: 36cb61b74dbfda9ce1cdf72a864b640d0bda546d
parent: 870b035bc6da96689b59dd6f79782ec6f1873617 [diff] [blame]
diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
index eaba583..0aa5e4a 100644
--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c

@@ -13991,7 +13991,8 @@
             i += PyUnicode_GET_LENGTH(self);
         return unicode_getitem(self, i);
     } else if (PySlice_Check(item)) {
-        Py_ssize_t start, stop, step, slicelength, cur, i;
+        Py_ssize_t start, stop, step, slicelength, i;
+        size_t cur;
         PyObject *result;
         void *src_data, *dest_data;
         int src_kind, dest_kind;
commit	14514d9084a40f599c57da853a305aa264562a43	[log] [tgz]
author	Zackery Spytz <zspytz@gmail.com>	Fri May 17 01:13:03 2019 -0600
committer	Serhiy Storchaka <storchaka@gmail.com>	Fri May 17 10:13:03 2019 +0300
tree	36cb61b74dbfda9ce1cdf72a864b640d0bda546d
parent	870b035bc6da96689b59dd6f79782ec6f1873617 [diff] [blame]