Backport r62261 from trunk:
Prevent PyString_FromStringAndSize() from passing negative sizes on to lower level memory allocation functions. Raise a SystemError and return NULL instead.
This commit is contained in:
parent
3782da4e0a
commit
14acde30f6
11
Misc/NEWS
11
Misc/NEWS
|
@ -30,13 +30,15 @@ Core and builtins
|
|||
- Issue #2238: Some syntax errors in *args and **kwargs expressions could give
|
||||
bogus error messages.
|
||||
|
||||
- Issue #2587: In the C API, PyString_FromStringAndSize() takes a signed size
|
||||
parameter but was not verifying that it was greater than zero. Values
|
||||
less than zero will now raise a SystemError and return NULL to indicate a
|
||||
bug in the calling C code.
|
||||
|
||||
|
||||
Library
|
||||
-------
|
||||
|
||||
- zlib.decompressobj().flush(value) no longer crashes the interpreter when
|
||||
passed a value less than or equal to zero.
|
||||
|
||||
- Issue #2495: tokenize.untokenize now inserts a space between two consecutive
|
||||
string literals; previously, ["" ""] was rendered as [""""], which is
|
||||
incorrect python code.
|
||||
|
@ -72,6 +74,9 @@ Library
|
|||
Extension Modules
|
||||
-----------------
|
||||
|
||||
- zlib.decompressobj().flush(value) no longer crashes the interpreter when
|
||||
passed a value less than or equal to zero.
|
||||
|
||||
Tests
|
||||
-----
|
||||
|
||||
|
|
|
@ -54,6 +54,11 @@ PyString_FromStringAndSize(const char *str, Py_ssize_t size)
|
|||
{
|
||||
register PyStringObject *op;
|
||||
assert(size >= 0);
|
||||
if (size < 0) {
|
||||
PyErr_SetString(PyExc_SystemError,
|
||||
"Negative size passed to PyString_FromStringAndSize");
|
||||
return NULL;
|
||||
}
|
||||
if (size == 0 && (op = nullstring) != NULL) {
|
||||
#ifdef COUNT_ALLOCS
|
||||
null_strings++;
|
||||
|
|
Loading…
Reference in New Issue