From: Benjamin Peterson
Date: Mon, 2 Feb 2015 02:10:47 +0000 (-0500)
Subject: check for overflow in combinations_with_replacement (closes #23365)
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=17845c1786d8659dce42a3b906d0ae31fc1c3dac;p=python

check for overflow in combinations_with_replacement (closes #23365)
---
diff --git a/Lib/test/test_itertools.py b/Lib/test/test_itertools.py
index cbb1b9266d..9cd3ad8c0c 100644
--- a/Lib/test/test_itertools.py
+++ b/Lib/test/test_itertools.py
@@ -213,6 +213,11 @@ class TestBasicOps(unittest.TestCase):
 self.assertEqual(result, list(cwr1(values, r))) # matches first pure python version
 self.assertEqual(result, list(cwr2(values, r))) # matches second pure python version
 
+ @test_support.bigaddrspacetest
+ def test_combinations_with_replacement_overflow(self):
+ with self.assertRaises(OverflowError):
+ combinations_with_replacement("AA", 2**30)
+
 @test_support.impl_detail("tuple reuse is specific to CPython")
 def test_combinations_with_replacement_tuple_reuse(self):
 cwr = combinations_with_replacement
diff --git a/Misc/NEWS b/Misc/NEWS
index 87a1d9f720..b213a29f9e 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -18,6 +18,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #23365: Fixed possible integer overflow in
+ itertools.combinations_with_replacement.
+
 - Issue #23366: Fixed possible integer overflow in itertools.combinations.
 
 - Issue #23191: fnmatch functions that use caching are now threadsafe.
diff --git a/Modules/itertoolsmodule.c b/Modules/itertoolsmodule.c
index 4eab79ce74..47a5e8bcb0 100644
--- a/Modules/itertoolsmodule.c
+++ b/Modules/itertoolsmodule.c
@@ -2346,6 +2346,10 @@ cwr_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
 goto error;
 }
 
+ if (r > PY_SSIZE_T_MAX/sizeof(Py_ssize_t)) {
+ PyErr_SetString(PyExc_OverflowError, "r is too big");
+ goto error;
+ }
 indices = PyMem_Malloc(r * sizeof(Py_ssize_t));
 if (indices == NULL) {
 PyErr_NoMemory();
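Review bot: In the Lib/test/test_itertools.py hunk, the fixed argument `2**30` in test_combinations_with_replacement_overflow only exceeds the limit where Py_ssize_t is 4 bytes. On a 64-bit build `2**30 * 8` is far below PY_SSIZE_T_MAX, so the new guard in cwr_new is never reached there and the call would go on to request roughly 8 GiB instead; the `bigaddrspacetest` decorator presumably skips the test in that situation, but its definition is not on this page. Deriving r from the platform limit would exercise the guard on every build, for example `combinations_with_replacement("AA", test_support.MAX_Py_ssize_t // 2 + 1)`, which is still 2**30 on a 32-bit build. With such a value the OverflowError should be raised before any large allocation, so the memory gating would likely become unnecessary. The enclosing TestBasicOps class starts outside the hunk.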
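Review bot: In the Modules/itertoolsmodule.c hunk, the new guard `r > PY_SSIZE_T_MAX/sizeof(Py_ssize_t)` compares the signed `r` against an unsigned quotient, so it is correct only because `r` is already known to be non-negative here; the check that appears to guarantee this is the block closing just above, and it starts outside the hunk. Making the conversion explicit, `if ((size_t)r > PY_SSIZE_T_MAX / sizeof(Py_ssize_t)) {`, avoids sign-compare warnings and keeps the guard self-explanatory if the earlier check is ever moved. A one-line comment above it would record why the guard matters: `/* r * sizeof(Py_ssize_t) must not wrap, or indices would be allocated too small for r entries */`. cwr_new starts and ends outside the hunk, so any other allocation sized by r in the rest of the function could not be reviewed here.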