summaryrefslogtreecommitdiff
path: root/Objects/bufferobject.c
diff options
context:
space:
mode:
authorNeal Norwitz <nnorwitz@gmail.com>2008-07-31 17:17:14 +0000
committerNeal Norwitz <nnorwitz@gmail.com>2008-07-31 17:17:14 +0000
commite7d8be80ba634fa15ece6f503c33592e0d333361 (patch)
tree4264163ebdcea24504f3842330602d98301cf659 /Objects/bufferobject.c
parente70f8e1205b5fc60a30469db69bbee4d5d532d86 (diff)
downloadcpython-git-e7d8be80ba634fa15ece6f503c33592e0d333361.tar.gz
Security patches from Apple: prevent int overflow when allocating memory
Diffstat (limited to 'Objects/bufferobject.c')
-rw-r--r--Objects/bufferobject.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/Objects/bufferobject.c b/Objects/bufferobject.c
index 3bd8c6be3e..9a5c39f6f4 100644
--- a/Objects/bufferobject.c
+++ b/Objects/bufferobject.c
@@ -431,6 +431,10 @@ buffer_repeat(PyBufferObject *self, Py_ssize_t count)
count = 0;
if (!get_buf(self, &ptr, &size, ANY_BUFFER))
return NULL;
+ if (count > PY_SSIZE_T_MAX / size) {
+ PyErr_SetString(PyExc_MemoryError, "result too large");
+ return NULL;
+ }
ob = PyString_FromStringAndSize(NULL, size * count);
if ( ob == NULL )
return NULL;
View Lorry Controller Status