$NetBSD: patch-bb,v 1.1.2.2 2008/09/02 14:13:33 rtr Exp $
Patch for CVE-2008-2315 taken from Gentoo.
--- Objects/tupleobject.c.orig 2006-08-12 18:03:09.000000000 +0100
+++ Objects/tupleobject.c 2008-08-30 10:16:13.000000000 +0100
@@ -60,11 +60,12 @@
Py_ssize_t nbytes = size * sizeof(PyObject *);
/* Check for overflow */
if (nbytes / sizeof(PyObject *) != (size_t)size ||
- (nbytes += sizeof(PyTupleObject) - sizeof(PyObject *))
- <= 0)
+ (nbytes > PY_SSIZE_T_MAX - sizeof(PyTupleObject) - sizeof(PyObject *)))
{
return PyErr_NoMemory();
}
+ nbytes += sizeof(PyTupleObject) - sizeof(PyObject *);
+
op = PyObject_GC_NewVar(PyTupleObject, &PyTuple_Type, size);
if (op == NULL)
return NULL;
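Review bot: The bound in the added `nbytes > PY_SSIZE_T_MAX - sizeof(PyTupleObject) - sizeof(PyObject *)` check does not match what the following `nbytes +=` line adds, which is `sizeof(PyTupleObject) - sizeof(PyObject *)`. The check is therefore stricter than needed by two pointer sizes; that is safe, but it deserves a comment such as `/* deliberately conservative: leaves extra headroom below PY_SSIZE_T_MAX */` so nobody later "corrects" it in the wrong direction. The comparison is also carried out in `size_t` because of the `sizeof` operands, so a wrapped, negative `nbytes` is rejected only because it converts to a very large unsigned value; a second comment, `/* compared as size_t: a negative nbytes also fails here */`, would make that reliance explicit. The enclosing function starts and ends outside the hunk, and no use of `nbytes` after the addition is visible here, so it is worth confirming that the final `nbytes +=` is not a dead store.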