Issue #23446: Use PyMem_New instead of PyMem_Malloc to avoid possible integer

overflows.  Added a few missed PyErr_NoMemory() calls.
Serhiy Storchaka 2015-02-16 13:33:32 +02:00
commit 4d0d982985
15 changed files with 50 additions and 52 deletions


@ -4305,8 +4305,11 @@ Array_subscript(PyObject *myself, PyObject *item)
slicelen); slicelen);
} }
dest = (wchar_t *)PyMem_Malloc( dest = PyMem_New(wchar_t, slicelen);
slicelen * sizeof(wchar_t)); if (dest == NULL) {
PyErr_NoMemory();
return NULL;
}
for (cur = start, i = 0; i < slicelen; for (cur = start, i = 0; i < slicelen;
cur += step, i++) { cur += step, i++) {
@ -4986,7 +4989,7 @@ Pointer_subscript(PyObject *myself, PyObject *item)
return PyUnicode_FromWideChar(ptr + start, return PyUnicode_FromWideChar(ptr + start,
len); len);
} }
dest = (wchar_t *)PyMem_Malloc(len * sizeof(wchar_t)); dest = PyMem_New(wchar_t, len);
if (dest == NULL) if (dest == NULL)
return PyErr_NoMemory(); return PyErr_NoMemory();
for (cur = start, i = 0; i < len; cur += step, i++) { for (cur = start, i = 0; i < len; cur += step, i++) {


@ -76,14 +76,18 @@ PyCStgDict_clone(StgDictObject *dst, StgDictObject *src)
if (src->format) { if (src->format) {
dst->format = PyMem_Malloc(strlen(src->format) + 1); dst->format = PyMem_Malloc(strlen(src->format) + 1);
if (dst->format == NULL) if (dst->format == NULL) {
PyErr_NoMemory();
return -1; return -1;
}
strcpy(dst->format, src->format); strcpy(dst->format, src->format);
} }
if (src->shape) { if (src->shape) {
dst->shape = PyMem_Malloc(sizeof(Py_ssize_t) * src->ndim); dst->shape = PyMem_Malloc(sizeof(Py_ssize_t) * src->ndim);
if (dst->shape == NULL) if (dst->shape == NULL) {
PyErr_NoMemory();
return -1; return -1;
}
memcpy(dst->shape, src->shape, memcpy(dst->shape, src->shape,
sizeof(Py_ssize_t) * src->ndim); sizeof(Py_ssize_t) * src->ndim);
} }
@ -380,7 +384,7 @@ PyCStructUnionType_update_stgdict(PyObject *type, PyObject *fields, int isStruct
union_size = 0; union_size = 0;
total_align = align ? align : 1; total_align = align ? align : 1;
stgdict->ffi_type_pointer.type = FFI_TYPE_STRUCT; stgdict->ffi_type_pointer.type = FFI_TYPE_STRUCT;
stgdict->ffi_type_pointer.elements = PyMem_Malloc(sizeof(ffi_type *) * (basedict->length + len + 1)); stgdict->ffi_type_pointer.elements = PyMem_New(ffi_type *, basedict->length + len + 1);
if (stgdict->ffi_type_pointer.elements == NULL) { if (stgdict->ffi_type_pointer.elements == NULL) {
PyErr_NoMemory(); PyErr_NoMemory();
return -1; return -1;
@ -398,7 +402,7 @@ PyCStructUnionType_update_stgdict(PyObject *type, PyObject *fields, int isStruct
union_size = 0; union_size = 0;
total_align = 1; total_align = 1;
stgdict->ffi_type_pointer.type = FFI_TYPE_STRUCT; stgdict->ffi_type_pointer.type = FFI_TYPE_STRUCT;
stgdict->ffi_type_pointer.elements = PyMem_Malloc(sizeof(ffi_type *) * (len + 1)); stgdict->ffi_type_pointer.elements = PyMem_New(ffi_type *, len + 1);
if (stgdict->ffi_type_pointer.elements == NULL) { if (stgdict->ffi_type_pointer.elements == NULL) {
PyErr_NoMemory(); PyErr_NoMemory();
return -1; return -1;
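Review bot: In PyCStgDict_clone the shape buffer is still sized by an open-coded product, `dst->shape = PyMem_Malloc(sizeof(Py_ssize_t) * src->ndim);`, which is the pattern this commit removes at the other call sites. Writing it as `dst->shape = PyMem_New(Py_ssize_t, src->ndim);` would put the count through the same overflow check and would also reject a negative count. The valid range of ndim is not visible in this hunk, so this may be hardening rather than a live bug. The memcpy that follows uses the same product and is only safe to rely on once the allocation has been bounded this way.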


@ -254,7 +254,7 @@ PyLocale_strxfrm(PyObject* self, PyObject* args)
/* assume no change in size, first */ /* assume no change in size, first */
n1 = n1 + 1; n1 = n1 + 1;
buf = PyMem_Malloc(n1 * sizeof(wchar_t)); buf = PyMem_New(wchar_t, n1);
if (!buf) { if (!buf) {
PyErr_NoMemory(); PyErr_NoMemory();
goto exit; goto exit;


@ -4287,10 +4287,11 @@ static int _setup_ssl_threads(void) {
if (_ssl_locks == NULL) { if (_ssl_locks == NULL) {
_ssl_locks_count = CRYPTO_num_locks(); _ssl_locks_count = CRYPTO_num_locks();
_ssl_locks = (PyThread_type_lock *) _ssl_locks = PyMem_New(PyThread_type_lock, _ssl_locks_count);
PyMem_Malloc(sizeof(PyThread_type_lock) * _ssl_locks_count); if (_ssl_locks == NULL) {
if (_ssl_locks == NULL) PyErr_NoMemory();
return 0; return 0;
}
memset(_ssl_locks, 0, memset(_ssl_locks, 0,
sizeof(PyThread_type_lock) * _ssl_locks_count); sizeof(PyThread_type_lock) * _ssl_locks_count);
for (i = 0; i < _ssl_locks_count; i++) { for (i = 0; i < _ssl_locks_count; i++) {


@ -850,7 +850,7 @@ seq_as_ssize_array(PyObject *seq, Py_ssize_t len, int is_shape)
Py_ssize_t *dest; Py_ssize_t *dest;
Py_ssize_t x, i; Py_ssize_t x, i;
dest = PyMem_Malloc(len * (sizeof *dest)); dest = PyMem_New(Py_ssize_t, len);
if (dest == NULL) { if (dest == NULL) {
PyErr_NoMemory(); PyErr_NoMemory();
return NULL; return NULL;


@ -1517,7 +1517,7 @@ unicode_aswidechar(PyObject *self, PyObject *args)
if (!PyArg_ParseTuple(args, "Un", &unicode, &buflen)) if (!PyArg_ParseTuple(args, "Un", &unicode, &buflen))
return NULL; return NULL;
buffer = PyMem_Malloc(buflen * sizeof(wchar_t)); buffer = PyMem_New(wchar_t, buflen);
if (buffer == NULL) if (buffer == NULL)
return PyErr_NoMemory(); return PyErr_NoMemory();


@ -735,7 +735,7 @@ calculate_path(void)
bufsz += wcslen(zip_path) + 1; bufsz += wcslen(zip_path) + 1;
bufsz += wcslen(exec_prefix) + 1; bufsz += wcslen(exec_prefix) + 1;
buf = (wchar_t *)PyMem_Malloc(bufsz * sizeof(wchar_t)); buf = PyMem_New(wchar_t, bufsz);
if (buf == NULL) { if (buf == NULL) {
Py_FatalError( Py_FatalError(
"Not enough memory for dynamic PYTHONPATH"); "Not enough memory for dynamic PYTHONPATH");


@ -1620,7 +1620,7 @@ get_target_path(HANDLE hdl, wchar_t **target_path)
if(!buf_size) if(!buf_size)
return FALSE; return FALSE;
buf = (wchar_t *)PyMem_Malloc((buf_size+1)*sizeof(wchar_t)); buf = PyMem_New(wchar_t, buf_size+1);
if (!buf) { if (!buf) {
SetLastError(ERROR_OUTOFMEMORY); SetLastError(ERROR_OUTOFMEMORY);
return FALSE; return FALSE;
@ -4472,7 +4472,7 @@ _listdir_windows_no_opendir(path_t *path, PyObject *list)
len = wcslen(path->wide); len = wcslen(path->wide);
} }
/* The +5 is so we can append "\\*.*\0" */ /* The +5 is so we can append "\\*.*\0" */
wnamebuf = PyMem_Malloc((len + 5) * sizeof(wchar_t)); wnamebuf = PyMem_New(wchar_t, len + 5);
if (!wnamebuf) { if (!wnamebuf) {
PyErr_NoMemory(); PyErr_NoMemory();
goto exit; goto exit;
@ -4809,7 +4809,7 @@ posix__getfullpathname(PyObject *self, PyObject *args)
Py_ARRAY_LENGTH(woutbuf), Py_ARRAY_LENGTH(woutbuf),
woutbuf, &wtemp); woutbuf, &wtemp);
if (result > Py_ARRAY_LENGTH(woutbuf)) { if (result > Py_ARRAY_LENGTH(woutbuf)) {
woutbufp = PyMem_Malloc(result * sizeof(wchar_t)); woutbufp = PyMem_New(wchar_t, result);
if (!woutbufp) if (!woutbufp)
return PyErr_NoMemory(); return PyErr_NoMemory();
result = GetFullPathNameW(wpath, result, woutbufp, &wtemp); result = GetFullPathNameW(wpath, result, woutbufp, &wtemp);
@ -4923,7 +4923,7 @@ os__getfinalpathname_impl(PyModuleDef *module, PyObject *path)
if(!buf_size) if(!buf_size)
return win32_error_object("GetFinalPathNameByHandle", path); return win32_error_object("GetFinalPathNameByHandle", path);
target_path = (wchar_t *)PyMem_Malloc((buf_size+1)*sizeof(wchar_t)); target_path = PyMem_New(wchar_t, buf_size+1);
if(!target_path) if(!target_path)
return PyErr_NoMemory(); return PyErr_NoMemory();
@ -5041,7 +5041,7 @@ os__getvolumepathname_impl(PyModuleDef *module, PyObject *path)
return NULL; return NULL;
} }
mountpath = (wchar_t *)PyMem_Malloc(buflen * sizeof(wchar_t)); mountpath = PyMem_New(wchar_t, buflen);
if (mountpath == NULL) if (mountpath == NULL)
return PyErr_NoMemory(); return PyErr_NoMemory();
@ -8421,9 +8421,9 @@ posix_getgrouplist(PyObject *self, PyObject *args)
#endif #endif
#ifdef __APPLE__ #ifdef __APPLE__
groups = PyMem_Malloc(ngroups * sizeof(int)); groups = PyMem_New(int, ngroups);
#else #else
groups = PyMem_Malloc(ngroups * sizeof(gid_t)); groups = PyMem_New(gid_t, ngroups);
#endif #endif
if (groups == NULL) if (groups == NULL)
return PyErr_NoMemory(); return PyErr_NoMemory();
@ -8523,7 +8523,7 @@ os_getgroups_impl(PyModuleDef *module)
/* groups will fit in existing array */ /* groups will fit in existing array */
alt_grouplist = grouplist; alt_grouplist = grouplist;
} else { } else {
alt_grouplist = PyMem_Malloc(n * sizeof(gid_t)); alt_grouplist = PyMem_New(gid_t, n);
if (alt_grouplist == NULL) { if (alt_grouplist == NULL) {
errno = EINVAL; errno = EINVAL;
return posix_error(); return posix_error();
@ -8549,7 +8549,7 @@ os_getgroups_impl(PyModuleDef *module)
/* Avoid malloc(0) */ /* Avoid malloc(0) */
alt_grouplist = grouplist; alt_grouplist = grouplist;
} else { } else {
alt_grouplist = PyMem_Malloc(n * sizeof(gid_t)); alt_grouplist = PyMem_New(gid_t, n);
if (alt_grouplist == NULL) { if (alt_grouplist == NULL) {
errno = EINVAL; errno = EINVAL;
return posix_error(); return posix_error();
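Review bot: Both allocation-failure branches in os_getgroups_impl still set `errno = EINVAL;` and `return posix_error();`, so memory exhaustion, or a count that PyMem_New rejects as too large, reaches the caller as an invalid-argument OSError rather than MemoryError. Since this commit is already adding missed PyErr_NoMemory() calls, both branches could become `return PyErr_NoMemory();`, matching posix_getgrouplist in the hunk above. Code that catches OSError around this call would then stop masking an out-of-memory condition as a bad argument. The function body continues outside both hunks, so confirm that nothing needs releasing before the early return.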


@ -1093,7 +1093,7 @@ pyexpat_xmlparser_ExternalEntityParserCreate_impl(xmlparseobject *self, const ch
for (i = 0; handler_info[i].name != NULL; i++) for (i = 0; handler_info[i].name != NULL; i++)
/* do nothing */; /* do nothing */;
new_parser->handlers = PyMem_Malloc(sizeof(PyObject *) * i); new_parser->handlers = PyMem_New(PyObject *, i);
if (!new_parser->handlers) { if (!new_parser->handlers) {
Py_DECREF(new_parser); Py_DECREF(new_parser);
return PyErr_NoMemory(); return PyErr_NoMemory();
@ -1416,7 +1416,7 @@ newxmlparseobject(const char *encoding, const char *namespace_separator, PyObjec
for (i = 0; handler_info[i].name != NULL; i++) for (i = 0; handler_info[i].name != NULL; i++)
/* do nothing */; /* do nothing */;
self->handlers = PyMem_Malloc(sizeof(PyObject *) * i); self->handlers = PyMem_New(PyObject *, i);
if (!self->handlers) { if (!self->handlers) {
Py_DECREF(self); Py_DECREF(self);
return PyErr_NoMemory(); return PyErr_NoMemory();


@ -4213,9 +4213,11 @@ socket_gethostname(PyObject *self, PyObject *unused)
/* MSDN says ERROR_MORE_DATA may occur because DNS allows longer /* MSDN says ERROR_MORE_DATA may occur because DNS allows longer
names */ names */
name = PyMem_Malloc(size * sizeof(wchar_t)); name = PyMem_New(wchar_t, size);
if (!name) if (!name) {
PyErr_NoMemory();
return NULL; return NULL;
}
if (!GetComputerNameExW(ComputerNamePhysicalDnsHostname, if (!GetComputerNameExW(ComputerNamePhysicalDnsHostname,
name, name,
&size)) &size))


@ -556,7 +556,7 @@ nfd_nfkd(PyObject *self, PyObject *input, int k)
/* Overallocate at most 10 characters. */ /* Overallocate at most 10 characters. */
space = (isize > 10 ? 10 : isize) + isize; space = (isize > 10 ? 10 : isize) + isize;
osize = space; osize = space;
output = PyMem_Malloc(space * sizeof(Py_UCS4)); output = PyMem_New(Py_UCS4, space);
if (!output) { if (!output) {
PyErr_NoMemory(); PyErr_NoMemory();
return NULL; return NULL;
@ -703,7 +703,7 @@ nfc_nfkc(PyObject *self, PyObject *input, int k)
/* We allocate a buffer for the output. /* We allocate a buffer for the output.
If we find that we made no changes, we still return If we find that we made no changes, we still return
the NFD result. */ the NFD result. */
output = PyMem_Malloc(len * sizeof(Py_UCS4)); output = PyMem_New(Py_UCS4, len);
if (!output) { if (!output) {
PyErr_NoMemory(); PyErr_NoMemory();
Py_DECREF(result); Py_DECREF(result);


@ -233,7 +233,7 @@ make_filename(PyObject *prefix, PyObject *name)
Py_ssize_t len; Py_ssize_t len;
len = PyUnicode_GET_LENGTH(prefix) + PyUnicode_GET_LENGTH(name) + 1; len = PyUnicode_GET_LENGTH(prefix) + PyUnicode_GET_LENGTH(name) + 1;
p = buf = PyMem_Malloc(sizeof(Py_UCS4) * len); p = buf = PyMem_New(Py_UCS4, len);
if (buf == NULL) { if (buf == NULL) {
PyErr_NoMemory(); PyErr_NoMemory();
return NULL; return NULL;
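Review bot: In make_filename the element count is computed as `len = PyUnicode_GET_LENGTH(prefix) + PyUnicode_GET_LENGTH(name) + 1;` before it reaches PyMem_New, so the macro guards only the multiplication by sizeof(Py_UCS4), not the signed addition that produces len. If two very long strings can reach this function (more plausible on 32-bit builds), that sum could overflow Py_ssize_t before the check runs. A guard ahead of the addition, such as `if (PyUnicode_GET_LENGTH(prefix) > PY_SSIZE_T_MAX - PyUnicode_GET_LENGTH(name) - 1) { PyErr_NoMemory(); return NULL; }`, would close that gap. Only the start of the function is in the hunk, so whether callers already bound these lengths is not visible here.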


@ -2186,7 +2186,7 @@ _PyUnicode_AsKind(PyObject *s, unsigned int kind)
} }
switch (kind) { switch (kind) {
case PyUnicode_2BYTE_KIND: case PyUnicode_2BYTE_KIND:
result = PyMem_Malloc(len * sizeof(Py_UCS2)); result = PyMem_New(Py_UCS2, len);
if (!result) if (!result)
return PyErr_NoMemory(); return PyErr_NoMemory();
assert(skind == PyUnicode_1BYTE_KIND); assert(skind == PyUnicode_1BYTE_KIND);
@ -2197,7 +2197,7 @@ _PyUnicode_AsKind(PyObject *s, unsigned int kind)
result); result);
return result; return result;
case PyUnicode_4BYTE_KIND: case PyUnicode_4BYTE_KIND:
result = PyMem_Malloc(len * sizeof(Py_UCS4)); result = PyMem_New(Py_UCS4, len);
if (!result) if (!result)
return PyErr_NoMemory(); return PyErr_NoMemory();
if (skind == PyUnicode_2BYTE_KIND) { if (skind == PyUnicode_2BYTE_KIND) {
@ -2239,11 +2239,7 @@ as_ucs4(PyObject *string, Py_UCS4 *target, Py_ssize_t targetsize,
if (copy_null) if (copy_null)
targetlen++; targetlen++;
if (!target) { if (!target) {
if (PY_SSIZE_T_MAX / (Py_ssize_t)sizeof(Py_UCS4) < targetlen) { target = PyMem_New(Py_UCS4, targetlen);
PyErr_NoMemory();
return NULL;
}
target = PyMem_Malloc(targetlen * sizeof(Py_UCS4));
if (!target) { if (!target) {
PyErr_NoMemory(); PyErr_NoMemory();
return NULL; return NULL;
@ -2817,12 +2813,7 @@ PyUnicode_AsWideCharString(PyObject *unicode,
buflen = unicode_aswidechar(unicode, NULL, 0); buflen = unicode_aswidechar(unicode, NULL, 0);
if (buflen == -1) if (buflen == -1)
return NULL; return NULL;
if (PY_SSIZE_T_MAX / (Py_ssize_t)sizeof(wchar_t) < buflen) { buffer = PyMem_NEW(wchar_t, buflen);
PyErr_NoMemory();
return NULL;
}
buffer = PyMem_MALLOC(buflen * sizeof(wchar_t));
if (buffer == NULL) { if (buffer == NULL) {
PyErr_NoMemory(); PyErr_NoMemory();
return NULL; return NULL;
@ -3515,10 +3506,7 @@ PyUnicode_DecodeLocaleAndSize(const char *str, Py_ssize_t len,
wstr = smallbuf; wstr = smallbuf;
} }
else { else {
if (wlen > PY_SSIZE_T_MAX / sizeof(wchar_t) - 1) wstr = PyMem_New(wchar_t, wlen+1);
return PyErr_NoMemory();
wstr = PyMem_Malloc((wlen+1) * sizeof(wchar_t));
if (!wstr) if (!wstr)
return PyErr_NoMemory(); return PyErr_NoMemory();
} }
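Review bot: PyUnicode_AsWideCharString now calls the uppercase macro, `buffer = PyMem_NEW(wchar_t, buflen);`, while _PyUnicode_AsKind, as_ucs4 and PyUnicode_DecodeLocaleAndSize in the same file use `PyMem_New`. This presumably mirrors the PyMem_MALLOC it replaces, but mixing the two spellings makes it harder to audit that each buffer is released through the matching free call. Unless the distinction is deliberate, `buffer = PyMem_New(wchar_t, buflen);` would keep the file uniform. The explicit PY_SSIZE_T_MAX guards removed in these hunks now depend entirely on the macro's own check, which a one-line comment at the first call site could record.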


@ -939,7 +939,7 @@ Reg2Py(BYTE *retDataBuf, DWORD retDataSize, DWORD typ)
wchar_t *data = (wchar_t *)retDataBuf; wchar_t *data = (wchar_t *)retDataBuf;
int len = retDataSize / 2; int len = retDataSize / 2;
int s = countStrings(data, len); int s = countStrings(data, len);
wchar_t **str = (wchar_t **)PyMem_Malloc(sizeof(wchar_t *)*s); wchar_t **str = PyMem_New(wchar_t *, s);
if (str == NULL) if (str == NULL)
return PyErr_NoMemory(); return PyErr_NoMemory();
@ -1206,7 +1206,7 @@ PyEnumValue(PyObject *self, PyObject *args)
++retDataSize; ++retDataSize;
bufDataSize = retDataSize; bufDataSize = retDataSize;
bufValueSize = retValueSize; bufValueSize = retValueSize;
retValueBuf = (wchar_t *)PyMem_Malloc(sizeof(wchar_t) * retValueSize); retValueBuf = PyMem_New(wchar_t, retValueSize);
if (retValueBuf == NULL) if (retValueBuf == NULL)
return PyErr_NoMemory(); return PyErr_NoMemory();
retDataBuf = (BYTE *)PyMem_Malloc(retDataSize); retDataBuf = (BYTE *)PyMem_Malloc(retDataSize);
@ -1277,7 +1277,7 @@ PyExpandEnvironmentStrings(PyObject *self, PyObject *args)
return PyErr_SetFromWindowsErrWithFunction(retValueSize, return PyErr_SetFromWindowsErrWithFunction(retValueSize,
"ExpandEnvironmentStrings"); "ExpandEnvironmentStrings");
} }
retValue = (wchar_t *)PyMem_Malloc(retValueSize * sizeof(wchar_t)); retValue = PyMem_New(wchar_t, retValueSize);
if (retValue == NULL) { if (retValue == NULL) {
return PyErr_NoMemory(); return PyErr_NoMemory();
} }


@ -290,7 +290,7 @@ fold_unaryops_on_constants(unsigned char *codestr, PyObject *consts, PyObject *v
static unsigned int * static unsigned int *
markblocks(unsigned char *code, Py_ssize_t len) markblocks(unsigned char *code, Py_ssize_t len)
{ {
unsigned int *blocks = (unsigned int *)PyMem_Malloc(len*sizeof(int)); unsigned int *blocks = PyMem_New(unsigned int, len);
int i,j, opcode, blockcnt = 0; int i,j, opcode, blockcnt = 0;
if (blocks == NULL) { if (blocks == NULL) {
@ -398,7 +398,7 @@ PyCode_Optimize(PyObject *code, PyObject* consts, PyObject *names,
goto exitUnchanged; goto exitUnchanged;
/* Mapping to new jump targets after NOPs are removed */ /* Mapping to new jump targets after NOPs are removed */
addrmap = (int *)PyMem_Malloc(codelen * sizeof(int)); addrmap = PyMem_New(int, codelen);
if (addrmap == NULL) { if (addrmap == NULL) {
PyErr_NoMemory(); PyErr_NoMemory();
goto exitError; goto exitError;