[Python-checkins] python/dist/src/Objects unicodeobject.c, 2.196,
2.197
jhylton at users.sourceforge.net
jhylton at users.sourceforge.net
Tue Sep 16 15:41:41 EDT 2003
Update of /cvsroot/python/python/dist/src/Objects
In directory sc8-pr-cvs1:/tmp/cvs-serv22624/Objects
Modified Files:
unicodeobject.c
Log Message:
Double-fix of crash in Unicode freelist handling.
If a length-1 Unicode string was in the freelist and it was
uninitialized or pointed to a very large (magnitude) negative number,
the check
unicode_latin1[unicode->str[0]] == unicode
could cause a segmentation violation, e.g. unicode->str[0] is 0xcbcbcbcb.
Fix this in two ways:
1. Change guard befor unicode_latin1[] to test against 256U. If I
understand correctly, the unsigned long used to store UCS4 on my
box was getting converted to a signed long to compare with the
signed constant 256.
2. Change _PyUnicode_New() to make sure the first element of str is
always initialized to zero. There are several places in the code
where the caller can exit with an error before initializing any
of str, which would leave junk in str[0].
Also, silence a compiler warning on pointer vs. int arithmetic.
Bug fix candidate.
Index: unicodeobject.c
===================================================================
RCS file: /cvsroot/python/python/dist/src/Objects/unicodeobject.c,v
retrieving revision 2.196
retrieving revision 2.197
diff -C2 -d -r2.196 -r2.197
*** unicodeobject.c 16 Sep 2003 03:41:45 -0000 2.196
--- unicodeobject.c 16 Sep 2003 19:41:39 -0000 2.197
***************
*** 133,137 ****
if (unicode == unicode_empty ||
(unicode->length == 1 &&
! unicode->str[0] < 256 &&
unicode_latin1[unicode->str[0]] == unicode)) {
PyErr_SetString(PyExc_SystemError,
--- 133,138 ----
if (unicode == unicode_empty ||
(unicode->length == 1 &&
! /* XXX Is unicode->str[] always unsigned? */
! unicode->str[0] < 256U &&
unicode_latin1[unicode->str[0]] == unicode)) {
PyErr_SetString(PyExc_SystemError,
***************
*** 212,215 ****
--- 213,220 ----
goto onError;
}
+ /* Initialize the first element to guard against cases where
+ the caller fails before initializing str.
+ */
+ unicode->str[0] = 0;
unicode->str[length] = 0;
unicode->length = length;
***************
*** 2528,2532 ****
startinpos = s-starts;
endinpos = startinpos + 1;
! outpos = p-PyUnicode_AS_UNICODE(v);
if (unicode_decode_call_errorhandler(
errors, &errorHandler,
--- 2533,2537 ----
startinpos = s-starts;
endinpos = startinpos + 1;
! outpos = p - (Py_UNICODE *)PyUnicode_AS_UNICODE(v);
if (unicode_decode_call_errorhandler(
errors, &errorHandler,
More information about the Python-checkins
mailing list