From ad4690fcca5704277abece184d49b39a913029d4 Mon Sep 17 00:00:00 2001 From: Zachary Ware Date: Thu, 3 Jul 2014 10:58:06 -0500 Subject: [PATCH] Issue #21151: Fixed a segfault in the winreg module. When ``None`` was passed as a ``REG_BINARY`` value to SetValueEx, PyMem_DEL was called on an uninitialized buffer. Patch by John Ehresman. (Also an incidental typo fix in a comment in test_winreg) --- Lib/test/test_winreg.py | 15 ++++++++++++++- Misc/NEWS | 3 +++ PC/winreg.c | 4 +++- 3 files changed, 20 insertions(+), 2 deletions(-) diff --git a/Lib/test/test_winreg.py b/Lib/test/test_winreg.py index ef4ce552f1a..2c4ac08f390 100644 --- a/Lib/test/test_winreg.py +++ b/Lib/test/test_winreg.py @@ -341,7 +341,7 @@ class LocalWinregTests(BaseWinregTests): def test_queryvalueex_return_value(self): # Test for Issue #16759, return unsigned int from QueryValueEx. # Reg2Py, which gets called by QueryValueEx, was returning a value - # generated by PyLong_FromLong. The implmentation now uses + # generated by PyLong_FromLong. The implementation now uses # PyLong_FromUnsignedLong to match DWORD's size. try: with CreateKey(HKEY_CURRENT_USER, test_key_name) as ck: @@ -354,6 +354,19 @@ class LocalWinregTests(BaseWinregTests): finally: DeleteKey(HKEY_CURRENT_USER, test_key_name) + def test_setvalueex_crash_with_none_arg(self): + # Test for Issue #21151, segfault when None is passed to SetValueEx + try: + with CreateKey(HKEY_CURRENT_USER, test_key_name) as ck: + self.assertNotEqual(ck.handle, 0) + test_val = None + SetValueEx(ck, "test_name", 0, REG_BINARY, test_val) + ret_val, ret_type = QueryValueEx(ck, "test_name") + self.assertEqual(ret_type, REG_BINARY) + self.assertEqual(ret_val, test_val) + finally: + DeleteKey(HKEY_CURRENT_USER, test_key_name) + @unittest.skipUnless(REMOTE_NAME, "Skipping remote registry tests") diff --git a/Misc/NEWS b/Misc/NEWS index 0983a59c954..a413f48630a 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -27,6 +27,9 @@ Core and Builtins Library ------- +- Issue #21151: Fixed a segfault in the winreg module when ``None`` is passed + as a ``REG_BINARY`` value to SetValueEx. Patch by John Ehresman. + - Issue #21090: io.FileIO.readall() does not ignore I/O errors anymore. Before, it ignored I/O errors if at least the first C call read() succeed. diff --git a/PC/winreg.c b/PC/winreg.c index d23810b65d8..63c437e437e 100644 --- a/PC/winreg.c +++ b/PC/winreg.c @@ -871,8 +871,10 @@ Py2Reg(PyObject *value, DWORD typ, BYTE **retDataBuf, DWORD *retDataSize) /* ALSO handle ALL unknown data types here. Even if we can't support it natively, we should handle the bits. */ default: - if (value == Py_None) + if (value == Py_None) { *retDataSize = 0; + *retDataBuf = NULL; + } else { Py_buffer view;