Antoine Pitrou <pit...@free.fr> added the comment:

> If we're accessing ob_digit[0] when Py_SIZE(x) == 0, that sounds like a
> bug to me.

_PyLong_Copy does. It's ok as long as the object is int(0), because it's part of the small ints and its allocated size is one digit.

The following hack seems to fix the issue here. Perhaps we can simply fix _PyLong_Copy, but I wonder how many other parts of longobject.c rely on accessing ob_digit[0].

diff --git a/Objects/longobject.c b/Objects/longobject.c --- a/Objects/longobject.c +++ b/Objects/longobject.c @@ -4194,6 +4194,8 @@ long_subtype_new(PyTypeObject *type, PyO n = Py_SIZE(tmp); if (n < 0) n = -n; + if (n == 0) + n = 1; newobj = (PyLongObject *)type->tp_alloc(type, n); if (newobj == NULL) { Py_DECREF(tmp); diff --git a/Objects/object.c b/Objects/object.c --- a/Objects/object.c +++ b/Objects/object.c @@ -1010,6 +1010,8 @@ PyObject ** tsize = ((PyVarObject *)obj)->ob_size; if (tsize < 0) tsize = -tsize; + if (tsize == 0 && PyLong_Check(obj)) + tsize = 1; size = _PyObject_VAR_SIZE(tp, tsize); dictoffset += (long)size; @@ -1090,6 +1092,8 @@ PyObject * tsize = ((PyVarObject *)obj)->ob_size; if (tsize < 0) tsize = -tsize; + if (tsize == 0 && PyLong_Check(obj)) + tsize = 1; size = _PyObject_VAR_SIZE(tp, tsize); dictoffset += (long)size;

----------
_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue14630>
_______________________________________
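
Review bot: In the long_subtype_new hunk (Objects/longobject.c, @@ -4194), the added "if (n == 0) n = 1;" carries no comment saying why a zero-size int is given one digit of storage before tp_alloc(type, n). The reason stated in the message, that _PyLong_Copy reads ob_digit[0] even when Py_SIZE is 0, should sit next to the check so the extra digit is not later removed as dead code. The check also pads the allocation rather than removing the read, so the other users of ob_digit[0] in longobject.c that the message asks about still need an audit.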
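
Review bot: In the first Objects/object.c hunk (@@ -1010), "tsize == 0 && PyLong_Check(obj)" puts knowledge of the int layout into the generic computation that feeds _PyObject_VAR_SIZE(tp, tsize) and dictoffset. The resulting offset only matches the object while long_subtype_new allocates exactly one digit for zero, so this site needs a comment naming that dependency, or both files should take the minimum digit count from one shared definition.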
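
Review bot: The second Objects/object.c hunk (@@ -1090) repeats the same two added lines as the hunk at @@ -1010. Two copies of a layout rule can drift apart; move the tsize adjustment into a single static helper called from both places, so a later change to the zero-digit rule cannot update one dictoffset computation and miss the other.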