* Fix potential division by zero in BZ2_Malloc()
* Avoid division by zero in PyLzma_Malloc()
* Avoid division by zero and integer overflow in PyZlib_Malloc()
Reported by Svace static analyzer.
(cherry picked from commit
3d4fabb2a424cb04ae446ebe4428090c386f45a5)
Co-authored-by: Alexey Izbyshev <izbyshev@ispras.ru>
{
if (items < 0 || size < 0)
return NULL;
- if ((size_t)items > (size_t)PY_SSIZE_T_MAX / (size_t)size)
+ if (size != 0 && (size_t)items > (size_t)PY_SSIZE_T_MAX / (size_t)size)
return NULL;
/* PyMem_Malloc() cannot be used: compress() and decompress()
release the GIL */
- return PyMem_RawMalloc(items * size);
+ return PyMem_RawMalloc((size_t)items * (size_t)size);
}
static void
static void*
PyLzma_Malloc(void *opaque, size_t items, size_t size)
{
- if (items > (size_t)PY_SSIZE_T_MAX / size)
+ if (size != 0 && items > (size_t)PY_SSIZE_T_MAX / size)
return NULL;
/* PyMem_Malloc() cannot be used:
the GIL is not held when lzma_code() is called */
static void*
PyZlib_Malloc(voidpf ctx, uInt items, uInt size)
{
- if (items > (size_t)PY_SSIZE_T_MAX / size)
+ if (size != 0 && items > (size_t)PY_SSIZE_T_MAX / size)
return NULL;
/* PyMem_Malloc() cannot be used: the GIL is not held when
inflate() and deflate() are called */
- return PyMem_RawMalloc(items * size);
+ return PyMem_RawMalloc((size_t)items * (size_t)size);
}
static void
projects / thirdparty / Python / cpython.git / commitdiff
