bpo-36946: Fix possible signed integer overflow when handling slices. (GH-13375) The final addition (cur += step) may overflow, so use size_t for "cur". "cur" is always positive (even for negative steps), so it is safe to use size_t here. Co-Authored-By: Martin Panter <vadmium+py@gmail.com> (cherry picked from commit 14514d9084a40f599c57da853a305aa264562a43) Co-authored-by: Zackery Spytz <zspytz@gmail.com>

commit: f02d1a43c6be658cd279edb90e8e96c99e1127e7 [log] [tgz]
author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Fri May 17 00:33:10 2019 -0700
committer: GitHub <noreply@github.com> Fri May 17 00:33:10 2019 -0700
tree: c27f46c3ad004c5a96eeb1b498076dabd7788350
parent: aa73841a8fdded4a462d045d1eb03899cbeecd65 [diff] [blame]
diff --git a/Objects/bytearrayobject.c b/Objects/bytearrayobject.c
index 3f3e6bc..8a0994f 100644
--- a/Objects/bytearrayobject.c
+++ b/Objects/bytearrayobject.c

@@ -420,7 +420,8 @@
         return PyLong_FromLong((unsigned char)(PyByteArray_AS_STRING(self)[i]));
     }
     else if (PySlice_Check(index)) {
-        Py_ssize_t start, stop, step, slicelength, cur, i;
+        Py_ssize_t start, stop, step, slicelength, i;
+        size_t cur;
         if (PySlice_Unpack(index, &start, &stop, &step) < 0) {
             return NULL;
         }
commit	f02d1a43c6be658cd279edb90e8e96c99e1127e7	[log] [tgz]
author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>	Fri May 17 00:33:10 2019 -0700
committer	GitHub <noreply@github.com>	Fri May 17 00:33:10 2019 -0700
tree	c27f46c3ad004c5a96eeb1b498076dabd7788350
parent	aa73841a8fdded4a462d045d1eb03899cbeecd65 [diff] [blame]