fix boundary conditions

picnixz · picnixz · commit 1fe8e284957b · 2024-10-31T13:46:50.000+01:00
diff --git a/Objects/codeobject.c b/Objects/codeobject.c
@@ -445,10 +445,9 @@ _PyCode_Validate(struct _PyCodeConstructor *con)
      *
      * See https://github.com/python/cpython/issues/126119 for details.
      */
-    int max_stacksize = (int)(INT_MAX / sizeof(PyObject *))
-                        - FRAME_SPECIALS_SIZE
-                        - (int)PyTuple_GET_SIZE(con->localsplusnames);
-    if (con->stacksize >= max_stacksize) {
+    int ub = (int)(INT_MAX / sizeof(PyObject *)) - FRAME_SPECIALS_SIZE;
+    Py_ssize_t nlocalsplus = PyTuple_GET_SIZE(con->localsplusnames);
+    if (nlocalsplus >= (Py_ssize_t)ub || con->stacksize >= (int)ub - nlocalsplus) {
         PyErr_SetString(PyExc_OverflowError, "code: co_stacksize is too large");
         return -1;
     }
diff --git a/Objects/frameobject.c b/Objects/frameobject.c
@@ -1806,6 +1806,7 @@ frame_sizeof(PyFrameObject *f, PyObject *Py_UNUSED(ignored))
 {
     Py_ssize_t base = offsetof(PyFrameObject, _f_frame_data)
                       + offsetof(_PyInterpreterFrame, localsplus);
+    assert(base <= INT_MAX);
     PyCodeObject *code = _PyFrame_GetCode(f->f_frame);
     int nslots = _PyFrame_NumSlotsForCodeObject(code);
     assert(nslots >= 0);
diff --git a/Objects/genobject.c b/Objects/genobject.c
@@ -819,6 +819,7 @@ gen_sizeof(PyGenObject *gen, PyObject *Py_UNUSED(ignored))
 {
     Py_ssize_t base = offsetof(PyGenObject, gi_iframe)
                       + offsetof(_PyInterpreterFrame, localsplus);
+    assert(base <= INT_MAX);
     PyCodeObject *code = _PyGen_GetCode(gen);
     int nslots = _PyFrame_NumSlotsForCodeObject(code);
     assert(nslots >= 0);

Original file line number	Diff line number	Diff line change
`@@ -445,10 +445,9 @@ _PyCode_Validate(struct _PyCodeConstructor *con)`
`445`	`445`	`*`
`446`	`446`	`* See https://github.com/python/cpython/issues/126119 for details.`
`447`	`447`	`*/`
`448`		`- int max_stacksize = (int)(INT_MAX / sizeof(PyObject *))`
`449`		`- - FRAME_SPECIALS_SIZE`
`450`		`- - (int)PyTuple_GET_SIZE(con->localsplusnames);`
`451`		`- if (con->stacksize >= max_stacksize) {`
	`448`	`+ int ub = (int)(INT_MAX / sizeof(PyObject *)) - FRAME_SPECIALS_SIZE;`
	`449`	`+ Py_ssize_t nlocalsplus = PyTuple_GET_SIZE(con->localsplusnames);`
	`450`	`+ if (nlocalsplus >= (Py_ssize_t)ub \|\| con->stacksize >= (int)ub - nlocalsplus) {`
`452`	`451`	`PyErr_SetString(PyExc_OverflowError, "code: co_stacksize is too large");`
`453`	`452`	`return -1;`
`454`	`453`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1806,6 +1806,7 @@ frame_sizeof(PyFrameObject f, PyObject Py_UNUSED(ignored))`
`1806`	`1806`	`{`
`1807`	`1807`	`Py_ssize_t base = offsetof(PyFrameObject, _f_frame_data)`
`1808`	`1808`	`+ offsetof(_PyInterpreterFrame, localsplus);`
	`1809`	`+ assert(base <= INT_MAX);`
`1809`	`1810`	`PyCodeObject *code = _PyFrame_GetCode(f->f_frame);`
`1810`	`1811`	`int nslots = _PyFrame_NumSlotsForCodeObject(code);`
`1811`	`1812`	`assert(nslots >= 0);`
Original file line number	Diff line number	Diff line change
`@@ -819,6 +819,7 @@ gen_sizeof(PyGenObject gen, PyObject Py_UNUSED(ignored))`
`819`	`819`	`{`
`820`	`820`	`Py_ssize_t base = offsetof(PyGenObject, gi_iframe)`
`821`	`821`	`+ offsetof(_PyInterpreterFrame, localsplus);`
	`822`	`+ assert(base <= INT_MAX);`
`822`	`823`	`PyCodeObject *code = _PyGen_GetCode(gen);`
`823`	`824`	`int nslots = _PyFrame_NumSlotsForCodeObject(code);`
`824`	`825`	`assert(nslots >= 0);`