$OpenBSD: patch-Objects_obmalloc_c,v 1.1 2008/08/06 03:23:31 djm Exp $
--- Objects/obmalloc.c.orig	Thu Feb 14 22:26:18 2008
+++ Objects/obmalloc.c	Tue Aug  5 18:18:52 2008
@@ -727,6 +727,15 @@ PyObject_Malloc(size_t nbytes)
 	uint size;
 
 	/*
+	 * Limit ourselves to PY_SSIZE_T_MAX bytes to prevent security holes.
+	 * Most python internals blindly use a signed Py_ssize_t to track
+	 * things without checking for overflows or negatives.
+	 * As size_t is unsigned, checking for nbytes < 0 is not required.
+	 */
+	if (nbytes > PY_SSIZE_T_MAX)
+		return NULL;
+
+	/*
 	 * This implicitly redirects malloc(0).
 	 */
 	if ((nbytes - 1) < SMALL_REQUEST_THRESHOLD) {
@@ -1129,6 +1138,15 @@ PyObject_Realloc(void *p, size_t nbytes)
 
 	if (p == NULL)
 		return PyObject_Malloc(nbytes);
+
+	/*
+	 * Limit ourselves to PY_SSIZE_T_MAX bytes to prevent security holes.
+	 * Most python internals blindly use a signed Py_ssize_t to track
+	 * things without checking for overflows or negatives.
+	 * As size_t is unsigned, checking for nbytes < 0 is not required.
+	 */
+	if (nbytes > PY_SSIZE_T_MAX)
+		return NULL;
 
 	pool = POOL_ADDR(p);
 	if (Py_ADDRESS_IN_RANGE(p, pool)) {
