traverseda
/
cpython
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Even though _Py_Mangle() isn't truly public anyone can call it and 

there was no verification that privateobj was a PyString.  If it wasn't
a string, this could have allowed a NULL pointer to creep in below and crash.

I wonder if this should be PyString_CheckExact?  Must identifiers be strings
or can they be subclasses?

Klocwork #275
This commit is contained in:
Neal Norwitz 2006-08-12 01:45:47 +00:00
parent 6f5ff3f3eb
commit 84167d09cd
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Python/compile.c
View File

@ -204,8 +204,8 @@ _Py_Mangle(PyObject *privateobj, PyObject *ident)
const char *p, *name = PyString_AsString(ident);
char *buffer;
size_t nlen, plen;
if (privateobj == NULL || name == NULL || name[0] != '_' ||
name[1] != '_') {
if (privateobj == NULL || !PyString_Check(privateobj) ||
name == NULL || name[0] != '_' || name[1] != '_') {
Py_INCREF(ident);
return ident;
}