Thanks to Coverity, these were all reported by their Prevent tool.

All of these (except _lsprof.c) should be backported. Particularly the hotshot change which validates sys.path. Can someone backport?
2006-03-07 04:48:24 +00:00 · 2006-03-07 04:48:24 +00:00 · 60da31660c
parent e22373d690
commit 60da31660c
6 changed files with 25 additions and 2 deletions
--- a/Lib/test/test_hotshot.py
+++ b/Lib/test/test_hotshot.py
@ -107,6 +107,19 @@ class HotShotTestCase(unittest.TestCase):
        profiler.close()
        os.unlink(self.logfn)

+    def test_bad_sys_path(self):
+        import sys
+        orig_path = sys.path
+        coverage = hotshot._hotshot.coverage
+        try:
+            # verify we require a list for sys.path
+            sys.path = 'abc'
+            self.assertRaises(RuntimeError, coverage, test_support.TESTFN)
+            # verify sys.path exists
+            del sys.path
+            self.assertRaises(RuntimeError, coverage, test_support.TESTFN)
+        finally:
+            sys.path = orig_path

 def test_main():
    test_support.run_unittest(HotShotTestCase)
--- a/Modules/_hotshot.c
+++ b/Modules/_hotshot.c
@ -473,6 +473,8 @@ restart:
    }
    else if (!err) {
        result = PyTuple_New(4);
+        if (result == NULL)
+            return NULL;
        PyTuple_SET_ITEM(result, 0, PyInt_FromLong(what));
        PyTuple_SET_ITEM(result, 2, PyInt_FromLong(fileno));
        if (s1 == NULL)
@ -1455,6 +1457,10 @@ write_header(ProfilerObject *self)
                  getcwd(cwdbuffer, sizeof cwdbuffer));

    temp = PySys_GetObject("path");
+    if (temp == NULL || !PyList_Check(temp)) {
+	PyErr_SetString(PyExc_RuntimeError, "sys.path must be a list");
+    	return -1;
+    }
    len = PyList_GET_SIZE(temp);
    for (i = 0; i < len; ++i) {
        PyObject *item = PyList_GET_ITEM(temp, i);
--- a/Modules/_lsprof.c
+++ b/Modules/_lsprof.c
@ -850,6 +850,8 @@ init_lsprof(void)
 {
 	PyObject *module, *d;
 	module = Py_InitModule3("_lsprof", moduleMethods, "Fast profiler");
+	if (module == NULL)
+		return;
 	d = PyModule_GetDict(module);
 	if (PyType_Ready(&PyProfiler_Type) < 0)
 		return;
--- a/Modules/_sre.c
+++ b/Modules/_sre.c
@ -2983,7 +2983,7 @@ match_groupdict(MatchObject* self, PyObject* args, PyObject* kw)
    return result;

 failed:
-    Py_DECREF(keys);
+    Py_XDECREF(keys);
    Py_DECREF(result);
    return NULL;
 }
--- a/Modules/audioop.c
+++ b/Modules/audioop.c
@ -1013,6 +1013,8 @@ audioop_ratecv(PyObject *self, PyObject *args)
 		while (d < 0) {
 			if (len == 0) {
 				samps = PyTuple_New(nchannels);
+				if (samps == NULL)
+					goto exit;
 				for (chan = 0; chan < nchannels; chan++)
 					PyTuple_SetItem(samps, chan,
 						Py_BuildValue("(ii)",
--- a/Modules/regexmodule.c
+++ b/Modules/regexmodule.c
@ -535,7 +535,7 @@ regex_symcomp(PyObject *self, PyObject *args)

 	gdict = PyDict_New();
 	if (gdict == NULL || (npattern = symcomp(pattern, gdict)) == NULL) {
-		Py_DECREF(gdict);
+		Py_XDECREF(gdict);
 		Py_DECREF(pattern);
 		return NULL;
 	}