Address review: safer overflow check for slicelength_bound + 1

Copilot · csm10495 · Copilot · commit cd6cd5433281 · 2026-03-22T06:52:05.000Z
Co-authored-by: csm10495 <5749838+csm10495@users.noreply.github.com> Agent-Logs-Url: https://github.com/csm10495/cpython/sessions/996cabbe-7dc6-4faa-b95b-31907ef41b20
diff --git a/Objects/listobject.c b/Objects/listobject.c
@@ -3850,12 +3850,18 @@ list_ass_subscript_lock_held(PyObject *_self, PyObject *item, PyObject *value)
                     }
                     return -1;
                 }
-                Py_ssize_t alloc = slicelength_bound + 1;
-                if (alloc <= 0) {
-                    /* Overflow or zero-length slice; still collect at
-                       least 1 item so the size check can detect a
-                       non-empty iterable. */
-                    alloc = 1;
+                Py_ssize_t alloc;
+                if (slicelength_bound >= PY_SSIZE_T_MAX) {
+                    alloc = PY_SSIZE_T_MAX;
+                }
+                else {
+                    alloc = slicelength_bound + 1;
+                    if (alloc <= 0) {
+                        /* Zero-length slice; still collect at least
+                           1 item so the size check can detect a
+                           non-empty iterable. */
+                        alloc = 1;
+                    }
                 }
                 seq = PyList_New(alloc);
                 if (seq == NULL) {
