Issue #22335: Fix crash when trying to enlarge a bytearray to 0x7fffffff bytes on a 32-bit platform.

commit: cc23154d020723dc85d055324861f6a8f54fe0f7 [log] [tgz]
author: Antoine Pitrou <solipsis@pitrou.net> Sun Nov 02 18:40:09 2014 +0100
committer: Antoine Pitrou <solipsis@pitrou.net> Sun Nov 02 18:40:09 2014 +0100
tree: 4443bd4e56e69d5040a3d1df710cebb03447e0b0
parent: 64f10d4f5e01ab119baa4d0a10403cec444810ce [diff] [blame]
diff --git a/Objects/obmalloc.c b/Objects/obmalloc.c
index 004cfaa..3c33255 100644
--- a/Objects/obmalloc.c
+++ b/Objects/obmalloc.c

@@ -1754,8 +1754,8 @@
 
     bumpserialno();
     total = nbytes + 4*SST;
-    if (total < nbytes)
-        /* overflow:  can't represent total as a size_t */
+    if (nbytes > PY_SSIZE_T_MAX - 4*SST)
+        /* overflow:  can't represent total as a Py_ssize_t */
         return NULL;
 
     p = (uchar *)api->alloc.malloc(api->alloc.ctx, total);
@@ -1817,8 +1817,8 @@
     bumpserialno();
     original_nbytes = read_size_t(q - 2*SST);
     total = nbytes + 4*SST;
-    if (total < nbytes)
-        /* overflow:  can't represent total as a size_t */
+    if (nbytes > PY_SSIZE_T_MAX - 4*SST)
+        /* overflow:  can't represent total as a Py_ssize_t */
         return NULL;
 
     /* Resize and add decorations. We may get a new pointer here, in which
commit	cc23154d020723dc85d055324861f6a8f54fe0f7	[log] [tgz]
author	Antoine Pitrou <solipsis@pitrou.net>	Sun Nov 02 18:40:09 2014 +0100
committer	Antoine Pitrou <solipsis@pitrou.net>	Sun Nov 02 18:40:09 2014 +0100
tree	4443bd4e56e69d5040a3d1df710cebb03447e0b0
parent	64f10d4f5e01ab119baa4d0a10403cec444810ce [diff] [blame]