commit 7e3b948cfeba35411a6ef3a9e6455b46c57a9bd6
author Mark Dickinson <dickinsm@gmail.com> Fri Aug 06 21:33:18 2010 +0000
committer Mark Dickinson <dickinsm@gmail.com> Fri Aug 06 21:33:18 2010 +0000
tree 51a100b3c8ef84aa29aae80c6c6d1a26b5fc1e79
parent d0511b0efbae0896ffebc8848b456daf280a3f85

Issue #9530:  Fix a couple of places where undefined behaviour can
occur, as a result of signed integer overflow.

Objects/bytearrayobject.c

diff --git a/Objects/bytearrayobject.c b/Objects/bytearrayobject.c
index 021ab1a..33f80d5 100644
--- a/Objects/bytearrayobject.c
+++ b/Objects/bytearrayobject.c
@@ -649,6 +649,11 @@
 
             if (!_canresize(self))
                 return -1;
+
+            if (slicelen == 0)
+                /* Nothing to do here. */
+                return 0;
+
             if (step < 0) {
                 stop = start + 1;
                 start = stop + step * (slicelen - 1) - 1;
@@ -665,7 +670,7 @@
                         self->ob_bytes + cur + 1, lim);
             }
             /* Move the tail of the bytes, in one chunk */
-            cur = start + slicelen*step;
+            cur = start + (size_t)slicelen*step;
             if (cur < (size_t)PyByteArray_GET_SIZE(self)) {
                 memmove(self->ob_bytes + cur - slicelen,
                         self->ob_bytes + cur,
@@ -679,7 +684,8 @@
         }
         else {
             /* Assign slice */
-            Py_ssize_t cur, i;
+            Py_ssize_t i;
+            size_t cur;
 
             if (needed != slicelen) {
                 PyErr_Format(PyExc_ValueError,