Issue #27570: Avoid zero-length memcpy() calls with null source pointers

Martin Panter 2016-09-07 11:04:41 +00:00
parent 799520c91e
commit be8da9c990
5 changed files with 40 additions and 15 deletions


@ -38,14 +38,24 @@ typecodes = "ubBhHiIlLfd"
if have_long_long:
typecodes += 'qQ'
class BadConstructorTest(unittest.TestCase):
class MiscTest(unittest.TestCase):
def test_constructor(self):
def test_bad_constructor(self):
self.assertRaises(TypeError, array.array)
self.assertRaises(TypeError, array.array, spam=42)
self.assertRaises(TypeError, array.array, 'xx')
self.assertRaises(ValueError, array.array, 'x')
def test_empty(self):
# Exercise code for handling zero-length arrays
a = array.array('B')
a[:] = a
self.assertEqual(len(a), 0)
self.assertEqual(len(a + a), 0)
self.assertEqual(len(a * 3), 0)
a += a
self.assertEqual(len(a), 0)
# Machine format codes.
#
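Review bot: test_empty asserts only the resulting lengths, so it passes on an unpatched build as well; it distinguishes the fix only when the interpreter is built with a sanitizer that reports null arguments to memcpy(). The comment should say so, for example `# Zero-length arrays may have a NULL buffer; run under UBSan to catch null memcpy() arguments`. The commit lists five changed files and none of them is a ctypes test, so the two ctypes guards appear to rely on existing coverage. Judging by the guard conditions, a one-dimensional ctypes array and a Structure subclass whose base declares no fields would reach them; it is worth confirming that the suite has both.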


@ -67,6 +67,9 @@ Core and Builtins
Library
-------
- Issue #27570: Avoid zero-length memcpy() etc calls with null source
pointers in the "ctypes" and "array" modules.
- Issue #22233: Break email header lines *only* on the RFC specified CR and LF
characters, not on arbitrary unicode line breaks. This also fixes a bug in
HTTP header parsing.


@ -1381,8 +1381,10 @@ PyCArrayType_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
goto error;
}
stgdict->shape[0] = length;
memmove(&stgdict->shape[1], itemdict->shape,
sizeof(Py_ssize_t) * (stgdict->ndim - 1));
if (stgdict->ndim > 1) {
memmove(&stgdict->shape[1], itemdict->shape,
sizeof(Py_ssize_t) * (stgdict->ndim - 1));
}
itemsize = itemdict->size;
if (length * itemsize < 0) {
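Review bot: The overflow test kept as context right after the new guard, `if (length * itemsize < 0)`, looks for overflow only after the multiplication has been performed. If both operands are signed (shape[] holds Py_ssize_t, so length presumably is), the overflow itself is undefined and a compiler may delete the check, leaving the size unvalidated. Since this commit removes undefined behaviour from the same function, consider testing before multiplying: `if (itemsize != 0 && length > PY_SSIZE_T_MAX / itemsize) {`. That form assumes length and itemsize are already known to be non-negative here, which the hunk does not show; PyCArrayType_new starts and ends outside it.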


@ -391,9 +391,11 @@ PyCStructUnionType_update_stgdict(PyObject *type, PyObject *fields, int isStruct
}
memset(stgdict->ffi_type_pointer.elements, 0,
sizeof(ffi_type *) * (basedict->length + len + 1));
memcpy(stgdict->ffi_type_pointer.elements,
basedict->ffi_type_pointer.elements,
sizeof(ffi_type *) * (basedict->length));
if (basedict->length > 0) {
memcpy(stgdict->ffi_type_pointer.elements,
basedict->ffi_type_pointer.elements,
sizeof(ffi_type *) * (basedict->length));
}
ffi_ofs = basedict->length;
} else {
offset = 0;
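Review bot: The new `if (basedict->length > 0)` guard carries no comment saying why a zero-length copy is skipped, so it reads as redundant and is easy to remove in a later cleanup. Suggest placing `/* elements may be NULL when length is 0; memcpy() with a null pointer is undefined even for zero bytes */` above it; the NULL case is inferred from the commit title and is not visible in this hunk. The same applies to the guards added in PyCArrayType_new, array_slice, array_concat and array_do_extend, and to the `n == 0` to `size == 0` change in array_repeat. The enclosing function continues outside the hunk.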


@ -745,8 +745,10 @@ array_slice(arrayobject *a, Py_ssize_t ilow, Py_ssize_t ihigh)
np = (arrayobject *) newarrayobject(&Arraytype, ihigh - ilow, a->ob_descr);
if (np == NULL)
return NULL;
memcpy(np->ob_item, a->ob_item + ilow * a->ob_descr->itemsize,
(ihigh-ilow) * a->ob_descr->itemsize);
if (ihigh > ilow) {
memcpy(np->ob_item, a->ob_item + ilow * a->ob_descr->itemsize,
(ihigh-ilow) * a->ob_descr->itemsize);
}
return (PyObject *)np;
}
@ -804,9 +806,13 @@ array_concat(arrayobject *a, PyObject *bb)
if (np == NULL) {
return NULL;
}
memcpy(np->ob_item, a->ob_item, Py_SIZE(a)*a->ob_descr->itemsize);
memcpy(np->ob_item + Py_SIZE(a)*a->ob_descr->itemsize,
b->ob_item, Py_SIZE(b)*b->ob_descr->itemsize);
if (Py_SIZE(a) > 0) {
memcpy(np->ob_item, a->ob_item, Py_SIZE(a)*a->ob_descr->itemsize);
}
if (Py_SIZE(b) > 0) {
memcpy(np->ob_item + Py_SIZE(a)*a->ob_descr->itemsize,
b->ob_item, Py_SIZE(b)*b->ob_descr->itemsize);
}
return (PyObject *)np;
#undef b
}
@ -826,7 +832,7 @@ array_repeat(arrayobject *a, Py_ssize_t n)
np = (arrayobject *) newarrayobject(&Arraytype, size, a->ob_descr);
if (np == NULL)
return NULL;
if (n == 0)
if (size == 0)
return (PyObject *)np;
oldbytes = Py_SIZE(a) * a->ob_descr->itemsize;
newbytes = oldbytes * n;
@ -985,8 +991,10 @@ array_do_extend(arrayobject *self, PyObject *bb)
size = oldsize + Py_SIZE(b);
if (array_resize(self, size) == -1)
return -1;
memcpy(self->ob_item + oldsize * self->ob_descr->itemsize,
b->ob_item, bbsize * b->ob_descr->itemsize);
if (bbsize > 0) {
memcpy(self->ob_item + oldsize * self->ob_descr->itemsize,
b->ob_item, bbsize * b->ob_descr->itemsize);
}
return 0;
#undef b