From 73c01d410117a573731e6c2afc9694005f8d11aa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20v=2E=20L=C3=B6wis?= <martin@v.loewis.de>
Date: Thu, 14 Feb 2008 11:26:18 +0000
Subject: Added checks for integer overflows, contributed by Google. Some are
 only available if asserts are left in the code, in cases where they can't be
 triggered from Python code.

---
 Python/ast.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'Python/ast.c')

diff --git a/Python/ast.c b/Python/ast.c
index 2c03ad6acf..3381260d07 100644
--- a/Python/ast.c
+++ b/Python/ast.c
@@ -3130,6 +3130,9 @@ decode_unicode(const char *s, size_t len, int rawmode, const char *encoding)
 	     	buf = (char *)s;
 		u = NULL;
 	} else {
+		/* check for integer overflow */
+		if (len > PY_SIZE_MAX / 4)
+			return NULL;
 		/* "\XX" may become "\u005c\uHHLL" (12 bytes) */
 		u = PyString_FromStringAndSize((char *)NULL, len * 4);
 		if (u == NULL)
-- 
cgit v1.2.1