SF patch 514641 (Naofumi Honda) - Negative ob_size of LongObjects Due to the bizarre definition of _PyLong_Copy(), creating an instance of a subclass of long with a negative value could cause core dumps later on. Unfortunately it looks like the behavior of _PyLong_Copy() is quite intentional, so the fix is more work than feels comfortable. This fix is almost, but not quite, the code that Naofumi Honda added; in addition, I added a test case.

commit: 2eb0b87d141ff89582ddd7bb414f9958e39fc6ae [log] [tgz]
author: Guido van Rossum <guido@python.org> Fri Mar 01 22:24:49 2002 +0000
committer: Guido van Rossum <guido@python.org> Fri Mar 01 22:24:49 2002 +0000
tree: c80c850e549d64ecd53dc858c3167f6c01aaac87
parent: 6f33250ef939356b8a577049cafce1961760fd27 [diff] [blame]
diff --git a/Objects/abstract.c b/Objects/abstract.c
index 2acfd08..cae474c 100644
--- a/Objects/abstract.c
+++ b/Objects/abstract.c

@@ -933,8 +933,16 @@
 		Py_INCREF(o);
 		return o;
 	}
-	if (PyLong_Check(o))
-		return _PyLong_Copy((PyLongObject *)o);
+	if (PyLong_Check(o)) {
+		PyObject *res;
+
+		res = _PyLong_Copy((PyLongObject *)o);
+		if (res != NULL)
+			((PyLongObject *)res)->ob_size =
+				((PyLongObject *)o)->ob_size;
+
+		return res;
+	}
 	if (PyString_Check(o))
 		/* need to do extra error checking that PyLong_FromString() 
 		 * doesn't do.  In particular long('9.5') must raise an
commit	2eb0b87d141ff89582ddd7bb414f9958e39fc6ae	[log] [tgz]
author	Guido van Rossum <guido@python.org>	Fri Mar 01 22:24:49 2002 +0000
committer	Guido van Rossum <guido@python.org>	Fri Mar 01 22:24:49 2002 +0000
tree	c80c850e549d64ecd53dc858c3167f6c01aaac87
parent	6f33250ef939356b8a577049cafce1961760fd27 [diff] [blame]