Issue #12973: Fix itertools bug caused by signed integer overflow. Thanks Stefan...

diff --git a/Misc/NEWS b/Misc/NEWS
index fd98d021e501d0eea7d930b00c12f73783f1b016..1b0373663ea861ae7b41d354a5cf5d407028f079 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -17,9 +17,9 @@ Core and Builtins
 - Issue #13021: Missing decref on an error path.  Thanks to Suman Saha for
   finding the bug and providing a patch.
 
-- Issue #12973: Fix overflow check that relied on undefined behaviour in
-  list_repeat.  This bug caused test_list to fail with recent versions
-  of Clang.
+- Issue #12973: Fix overflow checks that relied on undefined behaviour in
+  list_repeat (listobject.c) and islice_next (itertoolsmodule.c).  These bugs
+  caused test failures with recent versions of Clang.
 
 - Issue #12802: the Windows error ERROR_DIRECTORY (numbered 267) is now
   mapped to POSIX errno ENOTDIR (previously EINVAL).

diff --git a/Modules/itertoolsmodule.c b/Modules/itertoolsmodule.c
index 71d5bb646c9e0c65de8fd0e41ccce0d32530c655..8b6fa855a87394fc0c6f03d4f33fa20774c34916 100644 (file)
--- a/Modules/itertoolsmodule.c
+++ b/Modules/itertoolsmodule.c
@@ -1234,7 +1234,9 @@ islice_next(isliceobject *lz)
         return NULL;
     lz->cnt++;
     oldnext = lz->next;
-    lz->next += lz->step;
+    /* The (size_t) cast below avoids the danger of undefined
+       behaviour from signed integer overflow. */
+    lz->next += (size_t)lz->step;
     if (lz->next < oldnext || (stop != -1 && lz->next > stop))
         lz->next = stop;
     return item;