From: Guido van Rossum <guido@python.org>
Date: Wed, 28 Jun 2000 21:18:13 +0000 (+0000)
Subject: Trent Mick:
X-Git-Tag: v2.0b1~1352
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3262e1675335e00e0f437cce921a1b22a8a33b76;p=thirdparty%2FPython%2Fcpython.git

Trent Mick:

This patches fixes a possible overflow of the optional timeout
parameter for the select() function (selectmodule.c). This timeout is
passed in as a double and then truncated to an int. If the double is
sufficiently large you can get unexpected results as it
overflows. This patch raises an overflow if the given select timeout
overflows.

[GvR: To my embarrassment, the original code was assuming an int could
always hold a million.  Note that the overflow check doesn't test for
a very large *negative* timeout passed in -- but who in the world
would do such a thing?]
---

diff --git a/Modules/selectmodule.c b/Modules/selectmodule.c
index fb46fc30719b..21eab476f10e 100644
--- a/Modules/selectmodule.c
+++ b/Modules/selectmodule.c
@@ -238,7 +238,7 @@ select_select(self, args)
 	fd_set ifdset, ofdset, efdset;
 	double timeout;
 	struct timeval tv, *tvp;
-	int seconds;
+	long seconds;
 	int imax, omax, emax, max;
 	int n;
 
@@ -255,10 +255,14 @@ select_select(self, args)
 		return NULL;
 	}
 	else {
-		seconds = (int)timeout;
+		if (timeout > (double)LONG_MAX) {
+			PyErr_SetString(PyExc_OverflowError, "timeout period too long");
+			return NULL;
+		}
+		seconds = (long)timeout;
 		timeout = timeout - (double)seconds;
 		tv.tv_sec = seconds;
-		tv.tv_usec = (int)(timeout*1000000.0);
+		tv.tv_usec = (long)(timeout*1000000.0);
 		tvp = &tv;
 	}