[Python-checkins] cpython (3.1): Issue #8650: Backport 64-bit safety fixes for compress() and decompress().
nadeem.vawda
python-checkins at python.org
Sat May 14 22:34:48 CEST 2011
http://hg.python.org/cpython/rev/850624632e9a
changeset: 70103:850624632e9a
branch: 3.1
parent: 70099:6a45567c7245
user: Nadeem Vawda <nadeem.vawda at gmail.com>
date: Sat May 14 22:26:55 2011 +0200
summary:
Issue #8650: Backport 64-bit safety fixes for compress() and decompress().
files:
Lib/test/test_zlib.py | 11 +++++++++++
Modules/zlibmodule.c | 31 +++++++++++++++++++++----------
2 files changed, 32 insertions(+), 10 deletions(-)
diff --git a/Lib/test/test_zlib.py b/Lib/test/test_zlib.py
--- a/Lib/test/test_zlib.py
+++ b/Lib/test/test_zlib.py
@@ -186,6 +186,17 @@
def test_big_decompress_buffer(self, size):
self.check_big_decompress_buffer(size, zlib.decompress)
+ @precisionbigmemtest(size=_4G + 100, memuse=1)
+ def test_length_overflow(self, size):
+ if size < _4G + 100:
+ self.skipTest("not enough free memory, need at least 4 GB")
+ data = b'x' * size
+ try:
+ self.assertRaises(OverflowError, zlib.compress, data, 1)
+ self.assertRaises(OverflowError, zlib.decompress, data)
+ finally:
+ data = None
+
class CompressObjectTestCase(BaseCompressTestCase, unittest.TestCase):
# Test compression object
diff --git a/Modules/zlibmodule.c b/Modules/zlibmodule.c
--- a/Modules/zlibmodule.c
+++ b/Modules/zlibmodule.c
@@ -116,13 +116,20 @@
{
PyObject *ReturnVal = NULL;
Py_buffer pinput;
- Byte *input, *output;
- int length, level=Z_DEFAULT_COMPRESSION, err;
+ Byte *input, *output = NULL;
+ unsigned int length;
+ int level=Z_DEFAULT_COMPRESSION, err;
z_stream zst;
/* require Python string object, optional 'level' arg */
if (!PyArg_ParseTuple(args, "y*|i:compress", &pinput, &level))
return NULL;
+
+ if (pinput.len > UINT_MAX) {
+ PyErr_SetString(PyExc_OverflowError,
+ "Size does not fit in an unsigned int");
+ goto error;
+ }
input = pinput.buf;
length = pinput.len;
@@ -130,10 +137,9 @@
output = (Byte*)malloc(zst.avail_out);
if (output == NULL) {
- PyBuffer_Release(&pinput);
PyErr_SetString(PyExc_MemoryError,
"Can't allocate memory to compress data");
- return NULL;
+ goto error;
}
/* Past the point of no return. From here on out, we need to make sure
@@ -196,10 +202,11 @@
static PyObject *
PyZlib_decompress(PyObject *self, PyObject *args)
{
- PyObject *result_str;
+ PyObject *result_str = NULL;
Py_buffer pinput;
Byte *input;
- int length, err;
+ unsigned int length;
+ int err;
int wsize=DEF_WBITS;
Py_ssize_t r_strlen=DEFAULTALLOC;
z_stream zst;
@@ -207,6 +214,12 @@
if (!PyArg_ParseTuple(args, "y*|in:decompress",
&pinput, &wsize, &r_strlen))
return NULL;
+
+ if (pinput.len > UINT_MAX) {
+ PyErr_SetString(PyExc_OverflowError,
+ "Size does not fit in an unsigned int");
+ goto error;
+ }
input = pinput.buf;
length = pinput.len;
@@ -216,10 +229,8 @@
zst.avail_in = length;
zst.avail_out = r_strlen;
- if (!(result_str = PyBytes_FromStringAndSize(NULL, r_strlen))) {
- PyBuffer_Release(&pinput);
- return NULL;
- }
+ if (!(result_str = PyBytes_FromStringAndSize(NULL, r_strlen)))
+ goto error;
zst.zalloc = (alloc_func)NULL;
zst.zfree = (free_func)Z_NULL;
--
Repository URL: http://hg.python.org/cpython
More information about the Python-checkins
mailing list