[Python-checkins] python/dist/src/Objects stringobject.c,2.147.6.10,2.147.6.11 unicodeobject.c,2.124.6.16,2.124.6.17

gvanrossum@users.sourceforge.net gvanrossum@users.sourceforge.net
Thu, 10 Oct 2002 17:47:23 -0700


Update of /cvsroot/python/python/dist/src/Objects
In directory usw-pr-cvs1:/tmp/cvs-serv22726

Modified Files:
      Tag: release22-maint
	stringobject.c unicodeobject.c 
Log Message:
Backport stringobject.c 2.194 and unicodeobject.c 2.172:

Fix a nasty endcase reported by Armin Rigo in SF bug 618623:
'%2147483647d' % -123 segfaults.  This was because an integer overflow
in a comparison caused the string resize to be skipped.  After fixing
the overflow, this could call _PyString_Resize() with a negative size,
so I (1) test for that and raise MemoryError instead; (2) also added a
test for negative newsize to _PyString_Resize(), raising SystemError
as for all bad arguments.

An identical bug existed in unicodeobject.c, of course.


Index: stringobject.c
===================================================================
RCS file: /cvsroot/python/python/dist/src/Objects/stringobject.c,v
retrieving revision 2.147.6.10
retrieving revision 2.147.6.11
diff -C2 -d -r2.147.6.10 -r2.147.6.11
*** stringobject.c	11 Oct 2002 00:09:51 -0000	2.147.6.10
--- stringobject.c	11 Oct 2002 00:47:19 -0000	2.147.6.11
***************
*** 2989,2993 ****
  	register PyStringObject *sv;
  	v = *pv;
! 	if (!PyString_Check(v) || v->ob_refcnt != 1) {
  		*pv = 0;
  		Py_DECREF(v);
--- 2989,2993 ----
  	register PyStringObject *sv;
  	v = *pv;
! 	if (!PyString_Check(v) || v->ob_refcnt != 1 || newsize < 0) {
  		*pv = 0;
  		Py_DECREF(v);
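Review bot: The added `newsize < 0` test bounds the requested size only from below, in the guard at the top of the resize function. The allocation itself is outside this hunk; if it adds the object header size to newsize before calling the allocator, a value close to the maximum can still wrap the byte count and produce an undersized buffer. Consider an upper bound in the same condition, for example `|| newsize > INT_MAX - (int)sizeof(PyStringObject)`, assuming newsize is an int. The `length < 0` test added to unicodeobject.c at 262 has the same one-sided shape, and there the element size multiplies the count.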
***************
*** 3601,3608 ****
  			if (width < len)
  				width = len;
! 			if (rescnt < width + (sign != 0)) {
  				reslen -= rescnt;
  				rescnt = width + fmtcnt + 100;
  				reslen += rescnt;
  				if (_PyString_Resize(&result, reslen) < 0)
  					return NULL;
--- 3601,3612 ----
  			if (width < len)
  				width = len;
! 			if (rescnt - (sign != 0) < width) {
  				reslen -= rescnt;
  				rescnt = width + fmtcnt + 100;
  				reslen += rescnt;
+ 				if (reslen < 0) {
+ 					Py_DECREF(result);
+ 					return PyErr_NoMemory();
+ 				}
  				if (_PyString_Resize(&result, reslen) < 0)
  					return NULL;
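Review bot: The new `reslen < 0` test runs only after `rescnt = width + fmtcnt + 100;` and `reslen += rescnt;` have been evaluated, so it depends on signed overflow wrapping to a negative value. The declarations are outside the hunk, but if these are plain ints that overflow is undefined behaviour in C, and a sum that wraps twice would come out positive and pass the test. Check before the arithmetic instead: directly after `reslen -= rescnt;`, put `if (fmtcnt > INT_MAX - 100 - width || reslen > INT_MAX - 100 - width - fmtcnt)` in front of the existing DECREF/`PyErr_NoMemory()` body, and compute rescnt and reslen only once it has passed. A one-line comment on `rescnt - (sign != 0) < width` saying the subtraction form is deliberate, to avoid overflowing `width + 1`, would stop a later cleanup from reverting it. The matching hunk in unicodeobject.c at 5732 needs the same change.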

Index: unicodeobject.c
===================================================================
RCS file: /cvsroot/python/python/dist/src/Objects/unicodeobject.c,v
retrieving revision 2.124.6.16
retrieving revision 2.124.6.17
diff -C2 -d -r2.124.6.16 -r2.124.6.17
*** unicodeobject.c	7 Oct 2002 12:32:56 -0000	2.124.6.16
--- unicodeobject.c	11 Oct 2002 00:47:20 -0000	2.124.6.17
***************
*** 262,266 ****
      }
      v = (PyUnicodeObject *)*unicode;
!     if (v == NULL || !PyUnicode_Check(v) || v->ob_refcnt != 1) {
  	PyErr_BadInternalCall();
  	return -1;
--- 262,266 ----
      }
      v = (PyUnicodeObject *)*unicode;
!     if (v == NULL || !PyUnicode_Check(v) || v->ob_refcnt != 1 || length < 0) {
  	PyErr_BadInternalCall();
  	return -1;
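Review bot: The failure branch that `length < 0` now feeds leaves `*unicode` untouched and still owned by the caller, whereas the corresponding branch in `_PyString_Resize` in this same commit clears `*pv` and drops the reference. The formatting caller at 5732 returns NULL immediately after a failed `_PyUnicode_Resize`, so if no reference is released elsewhere (the rest of both functions is outside the hunks) `result` would leak on this path. At minimum, add a comment on the branch stating the rule, such as `/* on error the object is NOT released; caller keeps ownership */`, and have callers release it, or make the two resize functions behave alike.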
***************
*** 5732,5739 ****
  	    if (width < len)
  		width = len;
! 	    if (rescnt < width + (sign != 0)) {
  		reslen -= rescnt;
  		rescnt = width + fmtcnt + 100;
  		reslen += rescnt;
  		if (_PyUnicode_Resize(&result, reslen) < 0)
  		    return NULL;
--- 5732,5743 ----
  	    if (width < len)
  		width = len;
! 	    if (rescnt - (sign != 0) < width) {
  		reslen -= rescnt;
  		rescnt = width + fmtcnt + 100;
  		reslen += rescnt;
+ 		if (reslen < 0) {
+ 		    Py_DECREF(result);
+ 		    return PyErr_NoMemory();
+ 		}
  		if (_PyUnicode_Resize(&result, reslen) < 0)
  		    return NULL;