detect overflow in combinations (closes #23366)

diff --git a/Lib/test/test_itertools.py b/Lib/test/test_itertools.py
index e5225f2a669cf5fda602cddbbcc1332e7b7c82f5..cbb1b9266d1e435ce2a8e1bde887e1b68793023d 100644 (file)
--- a/Lib/test/test_itertools.py
+++ b/Lib/test/test_itertools.py
@@ -137,6 +137,11 @@ class TestBasicOps(unittest.TestCase):
                 self.assertEqual(result, list(combinations2(values, r))) # matches second pure python version
                 self.assertEqual(result, list(combinations3(values, r))) # matches second pure python version
 
+    @test_support.bigaddrspacetest
+    def test_combinations_overflow(self):
+        with self.assertRaises(OverflowError):
+            combinations("AA", 2**29)
+
     @test_support.impl_detail("tuple reuse is specific to CPython")
     def test_combinations_tuple_reuse(self):
         self.assertEqual(len(set(map(id, combinations('abcde', 3)))), 1)

diff --git a/Misc/NEWS b/Misc/NEWS
index b4a52d28c0558f2ee42b875a763985c2d0a8f209..87a1d9f72081c8599a04236eaf520928b4575553 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -18,6 +18,8 @@ Core and Builtins
 Library
 -------
 
+- Issue #23366: Fixed possible integer overflow in itertools.combinations.
+
 - Issue #23191: fnmatch functions that use caching are now threadsafe.
 
 - Issue #18518: timeit now rejects statements which can't be compiled outside

diff --git a/Modules/itertoolsmodule.c b/Modules/itertoolsmodule.c
index cd45eb9a478a3c3c59ff9eec97c0f4a5f69755b9..4eab79ce748d037b97c1116a556dcace64bc8584 100644 (file)
--- a/Modules/itertoolsmodule.c
+++ b/Modules/itertoolsmodule.c
@@ -2093,6 +2093,10 @@ combinations_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
         goto error;
     }
 
+    if (r > PY_SSIZE_T_MAX/sizeof(Py_ssize_t)) {
+        PyErr_SetString(PyExc_OverflowError, "r is too big");
+        goto error;
+    }
     indices = PyMem_Malloc(r * sizeof(Py_ssize_t));
     if (indices == NULL) {
         PyErr_NoMemory();