[3.8] gh-97616: list_resize() checks for integer overflow (GH-97617) #97628
Conversation
…7617) Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. Issue reported by Jordan Limor. list_resize() now checks for integer overflow before multiplying the new allocated length by the list item size (sizeof(PyObject*)). (cherry picked from commit a5f092f) Co-authored-by: Victor Stinner <vstinner@python.org>
|
Status check is done, and it's a success ✅. |
|
Sorry, I can't merge this PR. Reason: |
|
I'm confused by the change to file Objects/listobject.c because the added test (line 69), apparently has the same exact effect of the previously existing (and kept) test at line 62. Probably I miss something because, apparently line 75 can never be reached. |
Oh. I blindly and automatically backported my change from the main branch, without checking if old versions were really vulnerable. It seems like commit 2fe815e changed list_resize() code in 2020: in Python 3.9.0. So it seems like Python 3.8 wasn't impacted that the issue #97616. So the backport to Python 3.8 was not useful, but I don't think that it's useful to undo this backport. |
|
Thank you for spending time to provide your feedback. I don't see any need to undo the backport too. |
Fix multiplying a list by an integer (list *= int): detect the
integer overflow when the new allocated length is close to the
maximum size. Issue reported by Jordan Limor.
list_resize() now checks for integer overflow before multiplying the
new allocated length by the list item size (sizeof(PyObject*)).
(cherry picked from commit a5f092f)
Co-authored-by: Victor Stinner vstinner@python.org