Issue #14716: Change integer overflow check in unicode_writer_prepare()

to compute the limit at compile time instead of runtime. Patch writen by Serhiy
Storchaka.

diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
index 0722312373d6394a35313bebe6f9b99c62937b0f..4bbaa35891112554de57d475a7620d3c713ac588 100644 (file)
--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c
@@ -13242,8 +13242,10 @@ unicode_writer_prepare(unicode_writer_t *writer,
     newlen = writer->pos + length;
 
     if (newlen > PyUnicode_GET_LENGTH(writer->buffer)) {
-        /* overallocate 25% to limit the number of resize */
-        if (newlen <= (PY_SSIZE_T_MAX - newlen / 4))
+        /* Overallocate 25% to limit the number of resize.
+           Check for integer overflow:
+           (newlen + newlen / 4) <= PY_SSIZE_T_MAX */
+        if (newlen <= (PY_SSIZE_T_MAX - PY_SSIZE_T_MAX / 5))
             newlen += newlen / 4;
 
         if (maxchar > writer->maxchar) {