Carefully check for overflow when allocating the memory for fromfile -- someone tried to pass in sys.maxint and got bitten by the bogus calculations.

commit: 3791b0de365237b3bdddcc050858a83b8fd97f99 [log] [tgz]
author: Guido van Rossum <guido@python.org> Tue Feb 23 18:05:22 1999 +0000
committer: Guido van Rossum <guido@python.org> Tue Feb 23 18:05:22 1999 +0000
tree: e807ff3bc40fa12caebef7eec5cc7aac8f49eae8
parent: 24f8579ee4f01d1c22eaf26211a690e8b0d53251 [diff] [blame]
diff --git a/Modules/arraymodule.c b/Modules/arraymodule.c
index 656f5a6..bb0a9ed 100644
--- a/Modules/arraymodule.c
+++ b/Modules/arraymodule.c

@@ -935,8 +935,15 @@
 		char *item = self->ob_item;
 		int itemsize = self->ob_descr->itemsize;
 		int nread;
-		PyMem_RESIZE(item, char, (self->ob_size + n) * itemsize);
+		int newlength;
+		size_t newbytes;
+		/* Be careful here about overflow */
+		if ((newlength = self->ob_size + n) <= 0 ||
+		    (newbytes = newlength * itemsize) / itemsize != newlength)
+			goto nomem;
+		PyMem_RESIZE(item, char, newbytes);
 		if (item == NULL) {
+		  nomem:
 			PyErr_NoMemory();
 			return NULL;
 		}
commit	3791b0de365237b3bdddcc050858a83b8fd97f99	[log] [tgz]
author	Guido van Rossum <guido@python.org>	Tue Feb 23 18:05:22 1999 +0000
committer	Guido van Rossum <guido@python.org>	Tue Feb 23 18:05:22 1999 +0000
tree	e807ff3bc40fa12caebef7eec5cc7aac8f49eae8
parent	24f8579ee4f01d1c22eaf26211a690e8b0d53251 [diff] [blame]