[Python-checkins] CVS: python/dist/src/Modules pyexpat.c,2.9,2.10

A.M. Kuchling python-dev@python.org
Tue, 11 Jul 2000 18:27:21 -0700


Update of /cvsroot/python/python/dist/src/Modules
In directory slayer.i.sourceforge.net:/tmp/cvs-serv27849

Modified Files:
	pyexpat.c 
Log Message:
Fix bugs in readinst():
* There was no error reported if the .read() method returns a non-string
* If read() returned too much data, the buffer would be overflowed causing a 
  core dump
* Used strncpy, not memcpy, which seems incorrect if there are embedded \0s.
* The args and bytes objects were leaked


Index: pyexpat.c
===================================================================
RCS file: /cvsroot/python/python/dist/src/Modules/pyexpat.c,v
retrieving revision 2.9
retrieving revision 2.10
diff -C2 -r2.9 -r2.10
*** pyexpat.c	2000/07/12 00:53:41	2.9
--- pyexpat.c	2000/07/12 01:27:18	2.10
***************
*** 447,451 ****
  	PyObject *bytes=NULL;
  	PyObject *str=NULL;
! 	int len = 0;
  
  	UNLESS(bytes = PyInt_FromLong(buf_size)) {
--- 447,451 ----
  	PyObject *bytes=NULL;
  	PyObject *str=NULL;
! 	int len = -1;
  
  	UNLESS(bytes = PyInt_FromLong(buf_size)) {
***************
*** 459,463 ****
  		    goto finally;
  
- 	Py_INCREF(bytes);
  	if (PyTuple_SetItem(arg, 0, bytes) < 0)
  		goto finally;
--- 459,462 ----
***************
*** 466,476 ****
  		goto finally;
  
! 	UNLESS(PyString_Check( str ))
  		goto finally;
! 
  	len = PyString_GET_SIZE(str);
! 	strncpy(buf, PyString_AsString(str), len);
  	Py_XDECREF(str);
  finally:
  	return len;
  }
--- 465,489 ----
  		goto finally;
  
! 	/* XXX what to do if it returns a Unicode string? */
! 	UNLESS(PyString_Check( str )) {
! 		PyErr_Format(PyExc_TypeError, 
! 			     "read() did not return a string object (type=%.400s)",
! 			     str->ob_type->tp_name);
  		goto finally;
! 	}
! 	
  	len = PyString_GET_SIZE(str);
! 	if (len > buf_size) {
! 		PyErr_Format(PyExc_ValueError,
! 			     "read() returned too much data: "
! 			     "%i bytes requested, %i returned",
! 			     buf_size, len);
! 		Py_DECREF(str);
! 		goto finally;
! 	}
! 	memcpy(buf, PyString_AsString(str), len);
  	Py_XDECREF(str);
  finally:
+ 	Py_XDECREF(arg);
  	return len;
  }
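Review bot: In the new `len > buf_size` branch, `len` still holds the oversized string length when control reaches `finally:`, so readinst() returns a positive count with a ValueError set rather than a negative value. The caller in the last hunk only tests `bytes_read < 0`, so that count would be passed to `XML_ParseBuffer` as the number of valid bytes even though nothing was copied into `buf`; adding `len = -1;` before that `goto finally;` closes this. Separately, the non-string branch jumps to `finally:` without releasing `str`; moving `Py_XDECREF(str);` below the `finally:` label, and dropping the `Py_DECREF(str);` in the size branch, would cover every exit. The start of readinst() is outside this hunk.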
***************
*** 513,524 ****
  		  if( fp ){
  		          bytes_read=fread( buf, sizeof( char ), BUF_SIZE, fp);
! 		  }else{
  			  bytes_read=readinst( buf, BUF_SIZE, readmethod );
  		  }
  
- 		  if (bytes_read < 0) {
- 			PyErr_SetFromErrno(PyExc_IOError);
- 			return NULL;
- 		  }
  		  rv=XML_ParseBuffer(self->itself, bytes_read, bytes_read == 0);
  		  if( PyErr_Occurred() ){
--- 526,539 ----
  		  if( fp ){
  		          bytes_read=fread( buf, sizeof( char ), BUF_SIZE, fp);
! 			  if (bytes_read < 0) {
! 				  PyErr_SetFromErrno(PyExc_IOError);
! 				  return NULL;
! 			  }
! 		  } else {
  			  bytes_read=readinst( buf, BUF_SIZE, readmethod );
+ 			  if (bytes_read < 0)
+ 				  return NULL;
  		  }
  
  		  rv=XML_ParseBuffer(self->itself, bytes_read, bytes_read == 0);
  		  if( PyErr_Occurred() ){
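Review bot: The `bytes_read < 0` test that now sits under the `fread()` call can never fire, because `fread()` returns a `size_t` item count and signals failure with a short count, not a negative value. A read error therefore looks like a short or zero-length read, and a zero count is handed to `XML_ParseBuffer` as the final chunk. Checking the stream instead, `if (ferror(fp)) { PyErr_SetFromErrno(PyExc_IOError); return NULL; }`, would report the failure. The declaration of `bytes_read` and the rest of the enclosing function are outside this hunk.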