detect overflow in combinations (closes #23366)

diff --git a/Lib/test/test_itertools.py b/Lib/test/test_itertools.py
index 514a6b7a2063f6547e948633814157acbdb4501d..2475443dc40aeb4061f53a20e8d7a711c5d6430e 100644 (file)
--- a/Lib/test/test_itertools.py
+++ b/Lib/test/test_itertools.py
@@ -258,6 +258,11 @@ class TestBasicOps(unittest.TestCase):
 
                 self.pickletest(combinations(values, r))                 # test pickling
 
+    @support.bigaddrspacetest
+    def test_combinations_overflow(self):
+        with self.assertRaises(OverflowError):
+            combinations("AA", 2**29)
+
         # Test implementation detail:  tuple re-use
     @support.impl_detail("tuple reuse is specific to CPython")
     def test_combinations_tuple_reuse(self):

diff --git a/Misc/NEWS b/Misc/NEWS
index b69955aa61a0ee12f04711c4d60da3ee32580aa7..296c38a17060552b6f4b01b75315b55d7618d73f 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -19,6 +19,8 @@ Library
 - Issue #23369: Fixed possible integer overflow in
   _json.encode_basestring_ascii.
 
+- Issue #23366: Fixed possible integer overflow in itertools.combinations.
+
 
 What's New in Python 3.3.6?
 ===========================

diff --git a/Modules/itertoolsmodule.c b/Modules/itertoolsmodule.c
index 01231816123bdb29ca6c374cee46d858789636bb..580514388465f4ca8725adc3562f0535fc90fdbe 100644 (file)
--- a/Modules/itertoolsmodule.c
+++ b/Modules/itertoolsmodule.c
@@ -2326,6 +2326,10 @@ combinations_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
         goto error;
     }
 
+    if (r > PY_SSIZE_T_MAX/sizeof(Py_ssize_t)) {
+        PyErr_SetString(PyExc_OverflowError, "r is too big");
+        goto error;
+    }
     indices = PyMem_Malloc(r * sizeof(Py_ssize_t));
     if (indices == NULL) {
         PyErr_NoMemory();