From c7d93b761413834e0ac39f5fc648565a2843121f Mon Sep 17 00:00:00 2001
From: Mark Dickinson <mdickinson@enthought.com>
Date: Sun, 25 Sep 2011 15:34:32 +0100
Subject: Issue #1621: Fix undefined behaviour from signed overflow in datetime
 module hashes, array and list iterations, and get_integer
 (stringlib/string_format.h)

---
 Objects/stringlib/string_format.h | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

(limited to 'Objects/stringlib/string_format.h')

diff --git a/Objects/stringlib/string_format.h b/Objects/stringlib/string_format.h
index 6c7adcb01ed..d992b6f53c3 100644
--- a/Objects/stringlib/string_format.h
+++ b/Objects/stringlib/string_format.h
@@ -209,19 +209,17 @@ get_integer(const SubString *str)
         if (digitval < 0)
             return -1;
         /*
-           This trick was copied from old Unicode format code.  It's cute,
-           but would really suck on an old machine with a slow divide
-           implementation.  Fortunately, in the normal case we do not
-           expect too many digits.
+           Detect possible overflow before it happens:
+
+              accumulator * 10 + digitval > PY_SSIZE_T_MAX if and only if
+              accumulator > (PY_SSIZE_T_MAX - digitval) / 10.
         */
-        oldaccumulator = accumulator;
-        accumulator *= 10;
-        if ((accumulator+10)/10 != oldaccumulator+1) {
+        if (accumulator > (PY_SSIZE_T_MAX - digitval) / 10) {
             PyErr_Format(PyExc_ValueError,
                          "Too many decimal digits in format string");
             return -1;
         }
-        accumulator += digitval;
+        accumulator = accumulator * 10 + digitval;
     }
     return accumulator;
 }
-- 
cgit v1.2.3