Commit 4faf5c56 authored by Serhiy Storchaka's avatar Serhiy Storchaka

Issue #23985: Fixed integer overflow in iterator object. Patch by

Clement Rouault.
parent cbfe07e0
# Test iterators.
import sys
import unittest
from test.support import run_unittest, TESTFN, unlink, cpython_only
import pickle
......@@ -48,6 +49,10 @@ class SequenceClass:
else:
raise IndexError
class UnlimitedSequenceClass:
def __getitem__(self, i):
return i
# Main test suite
class TestCase(unittest.TestCase):
......@@ -919,6 +924,26 @@ class TestCase(unittest.TestCase):
lst.extend(gen())
self.assertEqual(len(lst), 760)
@cpython_only
def test_iter_overflow(self):
# Test for the issue 22939
it = iter(UnlimitedSequenceClass())
# Manually set `it_index` to PY_SSIZE_T_MAX-2 without a loop
it.__setstate__(sys.maxsize - 2)
self.assertEqual(next(it), sys.maxsize - 2)
self.assertEqual(next(it), sys.maxsize - 1)
with self.assertRaises(OverflowError):
next(it)
# Check that Overflow error is always raised
with self.assertRaises(OverflowError):
next(it)
def test_iter_neg_setstate(self):
it = iter(UnlimitedSequenceClass())
it.__setstate__(-42)
self.assertEqual(next(it), 0)
self.assertEqual(next(it), 1)
def test_main():
run_unittest(TestCase)
......
......@@ -1168,6 +1168,7 @@ Guido van Rossum
Just van Rossum
Hugo van Rossum
Saskia van Rossum
Clement Rouault
Donald Wallace Rouse II
Liam Routt
Todd Rovito
......
......@@ -10,6 +10,9 @@ Release date: tba
Core and Builtins
-----------------
- Issue #23985: Fixed integer overflow in iterator object. Patch by
Clement Rouault.
- Issue #23985: Fix a possible buffer overrun when deleting a slice from
the front of a bytearray and then appending some other bytes data.
......
......@@ -54,6 +54,11 @@ iter_iternext(PyObject *iterator)
seq = it->it_seq;
if (seq == NULL)
return NULL;
if (it->it_index == PY_SSIZE_T_MAX) {
PyErr_SetString(PyExc_OverflowError,
"iter index too large");
return NULL;
}
result = PySequence_GetItem(seq, it->it_index);
if (result != NULL) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment