bpo-36856: Handle possible overflow in faulthandler_stack_overflow (GH-13205)

author Xi Ruoyao <xry111@mengyan1223.wang>

Sat, 11 May 2019 17:13:23 +0000 (01:13 +0800)

committer Victor Stinner <vstinner@redhat.com>

Sat, 11 May 2019 17:13:23 +0000 (19:13 +0200)
author Xi Ruoyao <xry111@mengyan1223.wang>
Sat, 11 May 2019 17:13:23 +0000 (01:13 +0800)
committer Victor Stinner <vstinner@redhat.com>
Sat, 11 May 2019 17:13:23 +0000 (19:13 +0200)
diff --git a/Modules/faulthandler.c b/Modules/faulthandler.c

index d45b8660ee65f784938f42b97404aa099577b391..63a9b91ac469ee430e77bc77fd79c73101bd3d1f 100644 (file)
--- a/Modules/faulthandler.c
+++ b/Modules/faulthandler.c
@@ -1121,13 +1121,26 @@ faulthandler_stack_overflow(PyObject *self, PyObject *Py_UNUSED(ignored))
  {
      size_t depth, size;
      uintptr_t sp = (uintptr_t)&depth;
-    uintptr_t stop;
+    uintptr_t stop, lower_limit, upper_limit;
  
      faulthandler_suppress_crash_report();
      depth = 0;
-    stop = stack_overflow(sp - STACK_OVERFLOW_MAX_SIZE,
-                          sp + STACK_OVERFLOW_MAX_SIZE,
-                          &depth);
+
+    if (STACK_OVERFLOW_MAX_SIZE <= sp) {
+        lower_limit = sp - STACK_OVERFLOW_MAX_SIZE;
+    }
+    else {
+        lower_limit = 0;
+    }
+
+    if (UINTPTR_MAX - STACK_OVERFLOW_MAX_SIZE >= sp) {
+        upper_limit = sp + STACK_OVERFLOW_MAX_SIZE;
+    }
+    else {
+        upper_limit = UINTPTR_MAX;
+    }
+
+    stop = stack_overflow(lower_limit, upper_limit, &depth);
      if (sp < stop)
          size = stop - sp;
      else
author	Xi Ruoyao <xry111@mengyan1223.wang>
	Sat, 11 May 2019 17:13:23 +0000 (01:13 +0800)
committer	Victor Stinner <vstinner@redhat.com>
	Sat, 11 May 2019 17:13:23 +0000 (19:13 +0200)