From e9c5379ab46c3706148ee459e3b6aa5625545d8b Mon Sep 17 00:00:00 2001
From: Guido van Rossum <guido@python.org>
Date: Wed, 19 Aug 1992 16:46:30 +0000
Subject: * renamed malloc.h mymalloc.h, and added MALLARG as the type of the  
 argument to malloc() (size_t or unsigned int)

* listobject.c: check for overflow of the size of the object,
  so things like range(0x7fffffff) will raise MemoryError instead
  of calling malloc() with -4 (and then crashing -- malloc's fault)
---
 Objects/listobject.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'Objects/listobject.c')

diff --git a/Objects/listobject.c b/Objects/listobject.c
index 0f517359de..c032532284 100644
--- a/Objects/listobject.c
+++ b/Objects/listobject.c
@@ -34,10 +34,16 @@ newlistobject(size)
 {
 	int i;
 	listobject *op;
+	MALLARG nbytes;
 	if (size < 0) {
 		err_badcall();
 		return NULL;
 	}
+	nbytes = size * sizeof(object *);
+	/* Check for overflow */
+	if (nbytes / sizeof(object *) != size) {
+		return err_nomem();
+	}
 	op = (listobject *) malloc(sizeof(listobject));
 	if (op == NULL) {
 		return err_nomem();
@@ -46,7 +52,7 @@ newlistobject(size)
 		op->ob_item = NULL;
 	}
 	else {
-		op->ob_item = (object **) malloc(size * sizeof(object *));
+		op->ob_item = (object **) malloc(nbytes);
 		if (op->ob_item == NULL) {
 			free((ANY *)op);
 			return err_nomem();
-- 
cgit v1.2.1