bpo-36946: Fix possible signed integer overflow when handling slices. (GH-13375) The final addition (cur += step) may overflow, so use size_t for "cur". "cur" is always positive (even for negative steps), so it is safe to use size_t here. Co-Authored-By: Martin Panter <vadmium+py@gmail.com> (cherry picked from commit 14514d9084a40f599c57da853a305aa264562a43) Co-authored-by: Zackery Spytz <zspytz@gmail.com>

commit: f02d1a43c6be658cd279edb90e8e96c99e1127e7 [log] [tgz]
author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Fri May 17 00:33:10 2019 -0700
committer: GitHub <noreply@github.com> Fri May 17 00:33:10 2019 -0700
tree: c27f46c3ad004c5a96eeb1b498076dabd7788350
parent: aa73841a8fdded4a462d045d1eb03899cbeecd65 [diff] [blame]
diff --git a/Modules/mmapmodule.c b/Modules/mmapmodule.c
index f957e2c..223afac 100644
--- a/Modules/mmapmodule.c
+++ b/Modules/mmapmodule.c

@@ -790,7 +790,8 @@
                                               slicelen);
         else {
             char *result_buf = (char *)PyMem_Malloc(slicelen);
-            Py_ssize_t cur, i;
+            size_t cur;
+            Py_ssize_t i;
             PyObject *result;
 
             if (result_buf == NULL)
@@ -910,7 +911,8 @@
             memcpy(self->data + start, vbuf.buf, slicelen);
         }
         else {
-            Py_ssize_t cur, i;
+            size_t cur;
+            Py_ssize_t i;
 
             for (cur = start, i = 0;
                  i < slicelen;
commit	f02d1a43c6be658cd279edb90e8e96c99e1127e7	[log] [tgz]
author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>	Fri May 17 00:33:10 2019 -0700
committer	GitHub <noreply@github.com>	Fri May 17 00:33:10 2019 -0700
tree	c27f46c3ad004c5a96eeb1b498076dabd7788350
parent	aa73841a8fdded4a462d045d1eb03899cbeecd65 [diff] [blame]