From: Mark Dickinson
Date: Mon, 19 Sep 2011 18:18:37 +0000 (+0100)
Subject: Issue #12973: Fix undefined-behaviour-inducing overflow check in list_repeat.
X-Git-Tag: v3.3.0a1~1521^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c0420fd42ade6d996bfe2ae2beffa3de79524883;p=python

Issue #12973: Fix undefined-behaviour-inducing overflow check in list_repeat.
---
diff --git a/Misc/NEWS b/Misc/NEWS
index bfe536925a..bc52aa8ae9 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -10,6 +10,10 @@ What's New in Python 3.2.3?
 Core and Builtins
 -----------------
+- Issue #12973: Fix overflow check that relied on undefined behaviour in
+ list_repeat. This bug caused test_list to fail with recent versions
+ of Clang.
+
 - Issue #12802: the Windows error ERROR_DIRECTORY (numbered 267) is now mapped to POSIX errno ENOTDIR (previously EINVAL).
diff --git a/Objects/listobject.c b/Objects/listobject.c
index 73624f0b74..36f8b9dc70 100644
--- a/Objects/listobject.c
+++ b/Objects/listobject.c
@@ -58,7 +58,7 @@ list_resize(PyListObject *self, Py_ssize_t newsize)
 if (newsize == 0)
 new_allocated = 0;
 items = self->ob_item;
- if (new_allocated <= ((~(size_t)0) / sizeof(PyObject *)))
+ if (new_allocated <= (PY_SIZE_MAX / sizeof(PyObject *)))
 PyMem_RESIZE(items, PyObject *, new_allocated);
 else
 items = NULL;
@@ -510,9 +510,9 @@ list_repeat(PyListObject *a, Py_ssize_t n)
 PyObject *elem;
 if (n < 0)
 n = 0;
- size = Py_SIZE(a) * n;
- if (n && size/n != Py_SIZE(a))
+ if (n > 0 && Py_SIZE(a) > PY_SSIZE_T_MAX / n)
 return PyErr_NoMemory();
+ size = Py_SIZE(a) * n;
 if (size == 0)
 return PyList_New(0);
 np = (PyListObject *) PyList_New(size);
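Review bot: The bound in list_resize is still `PY_SIZE_MAX / sizeof(PyObject *)`, while the list_repeat hunk in this same commit treats `PY_SSIZE_T_MAX` as the limit for a list size, so the two guards disagree on the largest request they let through. A byte count between PY_SSIZE_T_MAX and PY_SIZE_MAX passes this test; whether PyMem_RESIZE rejects it on its own is not visible here. If the signed limit is the intended one, the line could read `if (new_allocated <= (size_t)PY_SSIZE_T_MAX / sizeof(PyObject *))`. Otherwise a one-line comment saying why the unsigned limit is safe at this point would help. The body of list_resize starts and ends outside the hunk.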
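Review bot: The new guard in list_repeat has no comment explaining why it divides before multiplying, so a later cleanup could reintroduce the post-multiplication test `size/n != Py_SIZE(a)` that this commit removes. Signed overflow is undefined behaviour, and the NEWS entry in this commit records that test_list failed with recent Clang versions under the old check. I would put `/* Test before multiplying: signed overflow is undefined, so a check made after it may be optimised away. */` above the `if (n > 0 && ...)` line. The guard bounds the element count only; whether `size * sizeof(PyObject *)` is also bounded depends on PyList_New, which is outside the hunk. The body of list_repeat continues past the hunk.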