Issue #9530: Fix a couple of places where undefined behaviour can
occur, as a result of signed integer overflow.
diff --git a/Objects/bytearrayobject.c b/Objects/bytearrayobject.c
index 021ab1a..33f80d5 100644
--- a/Objects/bytearrayobject.c
+++ b/Objects/bytearrayobject.c
@@ -649,6 +649,11 @@
if (!_canresize(self))
return -1;
+
+ if (slicelen == 0)
+ /* Nothing to do here. */
+ return 0;
+
if (step < 0) {
stop = start + 1;
start = stop + step * (slicelen - 1) - 1;
@@ -665,7 +670,7 @@
self->ob_bytes + cur + 1, lim);
}
/* Move the tail of the bytes, in one chunk */
- cur = start + slicelen*step;
+ cur = start + (size_t)slicelen*step;
if (cur < (size_t)PyByteArray_GET_SIZE(self)) {
memmove(self->ob_bytes + cur - slicelen,
self->ob_bytes + cur,
@@ -679,7 +684,8 @@
}
else {
/* Assign slice */
- Py_ssize_t cur, i;
+ Py_ssize_t i;
+ size_t cur;
if (needed != slicelen) {
PyErr_Format(PyExc_ValueError,