[Python-checkins] python/dist/src/Objects unicodeobject.c, 2.196, 2.197

jhylton at users.sourceforge.net jhylton at users.sourceforge.net
Tue Sep 16 15:41:41 EDT 2003 

Update of /cvsroot/python/python/dist/src/Objects
In directory sc8-pr-cvs1:/tmp/cvs-serv22624/Objects

Modified Files:
	unicodeobject.c 
Log Message:
Double-fix of crash in Unicode freelist handling.

If a length-1 Unicode string was in the freelist and it was
uninitialized or pointed to a very large (magnitude) negative number,
the check 

	 unicode_latin1[unicode->str[0]] == unicode

could cause a segmentation violation, e.g. unicode->str[0] is 0xcbcbcbcb.

Fix this in two ways: 

1. Change guard befor unicode_latin1[] to test against 256U.  If I
   understand correctly, the unsigned long used to store UCS4 on my
   box was getting converted to a signed long to compare with the
   signed constant 256.

2. Change _PyUnicode_New() to make sure the first element of str is
   always initialized to zero.  There are several places in the code
   where the caller can exit with an error before initializing any 
   of str, which would leave junk in str[0].

Also, silence a compiler warning on pointer vs. int arithmetic.

Bug fix candidate.


Index: unicodeobject.c
===================================================================
RCS file: /cvsroot/python/python/dist/src/Objects/unicodeobject.c,v
retrieving revision 2.196
retrieving revision 2.197
diff -C2 -d -r2.196 -r2.197
*** unicodeobject.c	16 Sep 2003 03:41:45 -0000	2.196
--- unicodeobject.c	16 Sep 2003 19:41:39 -0000	2.197
***************
*** 133,137 ****
      if (unicode == unicode_empty || 
  	(unicode->length == 1 && 
! 	 unicode->str[0] < 256 &&
  	 unicode_latin1[unicode->str[0]] == unicode)) {
          PyErr_SetString(PyExc_SystemError,
--- 133,138 ----
      if (unicode == unicode_empty || 
  	(unicode->length == 1 && 
!          /* XXX Is unicode->str[] always unsigned? */
! 	 unicode->str[0] < 256U &&
  	 unicode_latin1[unicode->str[0]] == unicode)) {
          PyErr_SetString(PyExc_SystemError,
***************
*** 212,215 ****
--- 213,220 ----
  	goto onError;
      }
+     /* Initialize the first element to guard against cases where
+        the caller fails before initializing str.
+     */
+     unicode->str[0] = 0;
      unicode->str[length] = 0;
      unicode->length = length;
***************
*** 2528,2532 ****
  	    startinpos = s-starts;
  	    endinpos = startinpos + 1;
! 	    outpos = p-PyUnicode_AS_UNICODE(v);
  	    if (unicode_decode_call_errorhandler(
  		 errors, &errorHandler,
--- 2533,2537 ----
  	    startinpos = s-starts;
  	    endinpos = startinpos + 1;
! 	    outpos = p - (Py_UNICODE *)PyUnicode_AS_UNICODE(v);
  	    if (unicode_decode_call_errorhandler(
  		 errors, &errorHandler,

More information about the Python-checkins mailing list