Backport r62261 from trunk:
Prevent PyString_FromStringAndSize() from passing negative sizes on to lower level memory allocation functions. Raise a SystemError and return NULL instead.
This commit is contained in:
parent
3782da4e0a
commit
14acde30f6
11
Misc/NEWS
11
Misc/NEWS
|
@ -30,13 +30,15 @@ Core and builtins
|
||||||
- Issue #2238: Some syntax errors in *args and **kwargs expressions could give
|
- Issue #2238: Some syntax errors in *args and **kwargs expressions could give
|
||||||
bogus error messages.
|
bogus error messages.
|
||||||
|
|
||||||
|
- Issue #2587: In the C API, PyString_FromStringAndSize() takes a signed size
|
||||||
|
parameter but was not verifying that it was greater than zero. Values
|
||||||
|
less than zero will now raise a SystemError and return NULL to indicate a
|
||||||
|
bug in the calling C code.
|
||||||
|
|
||||||
|
|
||||||
Library
|
Library
|
||||||
-------
|
-------
|
||||||
|
|
||||||
- zlib.decompressobj().flush(value) no longer crashes the interpreter when
|
|
||||||
passed a value less than or equal to zero.
|
|
||||||
|
|
||||||
- Issue #2495: tokenize.untokenize now inserts a space between two consecutive
|
- Issue #2495: tokenize.untokenize now inserts a space between two consecutive
|
||||||
string literals; previously, ["" ""] was rendered as [""""], which is
|
string literals; previously, ["" ""] was rendered as [""""], which is
|
||||||
incorrect python code.
|
incorrect python code.
|
||||||
|
@ -72,6 +74,9 @@ Library
|
||||||
Extension Modules
|
Extension Modules
|
||||||
-----------------
|
-----------------
|
||||||
|
|
||||||
|
- zlib.decompressobj().flush(value) no longer crashes the interpreter when
|
||||||
|
passed a value less than or equal to zero.
|
||||||
|
|
||||||
Tests
|
Tests
|
||||||
-----
|
-----
|
||||||
|
|
||||||
|
|
|
@ -54,6 +54,11 @@ PyString_FromStringAndSize(const char *str, Py_ssize_t size)
|
||||||
{
|
{
|
||||||
register PyStringObject *op;
|
register PyStringObject *op;
|
||||||
assert(size >= 0);
|
assert(size >= 0);
|
||||||
|
if (size < 0) {
|
||||||
|
PyErr_SetString(PyExc_SystemError,
|
||||||
|
"Negative size passed to PyString_FromStringAndSize");
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
if (size == 0 && (op = nullstring) != NULL) {
|
if (size == 0 && (op = nullstring) != NULL) {
|
||||||
#ifdef COUNT_ALLOCS
|
#ifdef COUNT_ALLOCS
|
||||||
null_strings++;
|
null_strings++;
|
||||||
|
|
Loading…
Reference in New Issue