Carefully check for overflow when allocating the memory for fromfile

-- someone tried to pass in sys.maxint and got bitten by the bogus calculations.

Carefully check for overflow when allocating the memory for fromfile
-- someone tried to pass in sys.maxint and got bitten by the bogus calculations.
3791b0de · Guido van Rossum · 24f8579e · 3791b0de
Commit 3791b0de authored Feb 23, 1999 by Guido van Rossum
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 1 deletion

Modules/arraymodule.c Modules/arraymodule.c +8 -1

No files found.
--- a/Modules/arraymodule.c
+++ b/Modules/arraymodule.c
@@ -935,8 +935,15 @@ array_fromfile(self, args)
 		char *item = self->ob_item;
 		int itemsize = self->ob_descr->itemsize;
 		int nread;
-		PyMem_RESIZE(item, char, (self->ob_size + n) * itemsize);
+		int newlength;
+		size_t newbytes;
+		/* Be careful here about overflow */
+		if ((newlength = self->ob_size + n) <= 0 ||
+		    (newbytes = newlength * itemsize) / itemsize != newlength)
+			goto nomem;
+		PyMem_RESIZE(item, char, newbytes);
 		if (item == NULL) {
+		  nomem:
 			PyErr_NoMemory();
 			return NULL;
 		}