From b93d8637a6bce5b1b61423dc6c8319fc82a31b13 Mon Sep 17 00:00:00 2001
From: Martin Panter <vadmium+py@gmail.com>
Date: Mon, 25 Jul 2016 02:39:20 +0000
Subject: Issue #1621: Avoid signed overflow in list and tuple operations

Patch by Xiang Zhang.
---
 Objects/tupleobject.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'Objects/tupleobject.c')

diff --git a/Objects/tupleobject.c b/Objects/tupleobject.c
index 1b412580dc..c0ff499e72 100644
--- a/Objects/tupleobject.c
+++ b/Objects/tupleobject.c
@@ -453,9 +453,9 @@ tupleconcat(PyTupleObject *a, PyObject *bb)
         return NULL;
     }
 #define b ((PyTupleObject *)bb)
-    size = Py_SIZE(a) + Py_SIZE(b);
-    if (size < 0)
+    if (Py_SIZE(a) > PY_SSIZE_T_MAX - Py_SIZE(b))
         return PyErr_NoMemory();
+    size = Py_SIZE(a) + Py_SIZE(b);
     np = (PyTupleObject *) PyTuple_New(size);
     if (np == NULL) {
         return NULL;
-- 
cgit v1.2.1