Commit Graph

130 Commits

Author SHA1 Message Date
Armin Rigo 7ccbca93a2 Forward-port of r52136,52138: a review of overflow-detecting code.
* unified the way intobject, longobject and mystrtoul handle
  values around -sys.maxint-1.

* in general, trying to entierely avoid overflows in any computation
  involving signed ints or longs is extremely involved.  Fixed a few
  simple cases where a compiler might be too clever (but that's all
  guesswork).

* more overflow checks against bad data in marshal.c.

* 2.5 specific: fixed a number of places that were still confusing int
  and Py_ssize_t.  Some of them could potentially have caused
  "real-world" breakage.

* list.pop(x): fixing overflow issues on x was messy.  I just reverted
  to PyArg_ParseTuple("n"), which does the right thing.  (An obscure
  test was trying to give a Decimal to list.pop()... doesn't make
  sense any more IMHO)

* trying to write a few tests...
2006-10-04 12:17:45 +00:00
Walter Dörwald d14bf61d05 Fix typo. 2006-09-21 15:09:55 +00:00
Georg Brandl 209307eb3b Introduce an upper bound on tuple nesting depth in
C argument format strings; fixes rest of #1523610.
2006-08-09 07:03:22 +00:00
Georg Brandl 5f135787ec Part of bug #1523610: fix miscalculation of buffer length.
Also add a guard against NULL in converttuple and add a test case
(that previously would have crashed).
2006-07-26 08:03:10 +00:00
Georg Brandl 98251f8a2f Argh. "integer" is a very confusing word ;)
Actually, checking for INT_MAX and INT_MIN is correct since
the format code explicitly handles a C "int".
2006-06-08 13:31:07 +00:00
Georg Brandl 22ccbbc4ec Bug #1502750: Fix getargs "i" format to use LONG_MIN and LONG_MAX for bounds checking. 2006-06-08 12:45:01 +00:00
Skip Montanaro b507972cdd C++ compiler cleanup: cast... 2006-04-18 00:57:15 +00:00
Martin v. Löwis 5cb6936672 Make Py_BuildValue, PyObject_CallFunction and
PyObject_CallMethod aware of PY_SSIZE_T_CLEAN.
2006-04-14 09:08:42 +00:00
Neal Norwitz 615461603c SF Bug #1454485, array.array('u') could crash the interpreter when
passing a string.  Martin already fixed the actual crash by ensuring
Py_UNICODE is unsigned.  As discussed on python-dev, this fix
removes the possibility of creating a unicode string from a raw buffer.

There is an outstanding question of how to fix the crash in 2.4.
2006-04-14 05:20:28 +00:00
Georg Brandl 7f573f7319 Add a test for Py_ssize_t. Correct typo in getargs.c. 2006-04-13 07:59:30 +00:00
Anthony Baxter 97300387ec avoid C++ name mangling for the _Py.*SizeT functions 2006-04-12 04:38:54 +00:00
Thomas Wouters c3547a311e Fix C99-ism, and add XXX to comment 2006-03-01 21:31:21 +00:00
Thomas Wouters 572a9f32dc Use %zd format characters for Py_ssize_t types. 2006-03-01 05:38:39 +00:00
Martin v. Löwis 762467475d Use Py_ssize_t for PyArg_UnpackTuple arguments. 2006-03-01 04:06:10 +00:00
Martin v. Löwis 15e62742fa Revert backwards-incompatible const changes. 2006-02-27 16:46:16 +00:00
Neal Norwitz 9a27617239 Based on discussion with Martin and Thomas on python-checkins
add a Py_SAFE_DOWNCAST() to make the code correct.
2006-02-20 18:57:39 +00:00
Neal Norwitz 20dd93f427 Fix compiler warning on amd64. We can't use zd here since this is
ultimately going to snprintf() not the python string formatter.  Right?
2006-02-19 19:34:15 +00:00
Martin v. Löwis d96ee90993 Use Py_ssize_t to count the 2006-02-16 14:37:16 +00:00
Martin v. Löwis 18e165558b Merge ssize_t branch. 2006-02-15 17:27:45 +00:00
Georg Brandl d704817b66 typo 2006-01-20 17:53:27 +00:00
Neal Norwitz 4ac13dfc3a Remove extra parens 2005-12-19 06:10:07 +00:00
Neal Norwitz 30b5c5d011 Fix SF bug #1072182, problems with signed characters.
Most of these can be backported.
2005-12-19 06:05:18 +00:00
Jeremy Hylton af68c874a6 Add const to several API functions that take char *.
In C++, it's an error to pass a string literal to a char* function
without a const_cast().  Rather than require every C++ extension
module to put a cast around string literals, fix the API to state the
const-ness.

I focused on parts of the API where people usually pass literals:
PyArg_ParseTuple() and friends, Py_BuildValue(), PyMethodDef, the type
slots, etc.  Predictably, there were a large set of functions that
needed to be fixed as a result of these changes.  The most pervasive
change was to make the keyword args list passed to
PyArg_ParseTupleAndKewords() to be a const char *kwlist[].

One cast was required as a result of the changes:  A type object
mallocs the memory for its tp_doc slot and later frees it.
PyTypeObject says that tp_doc is const char *; but if the type was
created by type_new(), we know it is safe to cast to char *.
2005-12-10 18:50:16 +00:00
Georg Brandl 6dd14619bb Complete format code support in getargs.c::skipitem(), which is called when
evaluating keyword arguments.
2005-09-14 19:29:53 +00:00
Georg Brandl 02c42871cf Disallow keyword arguments for type constructors that don't use them.
(fixes bug #1119418)
2005-08-26 06:42:30 +00:00
Michael W. Hudson 5253c30791 I suppose a bug report or even a fix would be a better response, but
commit a yelp about a noted flaw the error messages for METH_KEYWORDS
functions under some circumstances.
2005-03-30 16:41:55 +00:00
Martin v. Löwis 6ce7ed23d0 Revert previous checkin on getargs 'L' code. Try to convert all
numbers in PyLong_AsLongLong, and update test suite accordingly.
Backported to 2.4.
2005-03-03 12:26:35 +00:00
Martin v. Löwis ff232d7230 Clear internal call error in 'L' format. Fixes #723201.
Backported to 2.4.
2005-03-03 09:24:38 +00:00
Michael W. Hudson 34553388ef Fix
[ 991812 ] PyArg_ParseTuple can miss errors with warnings as exceptions

as suggested in the report.

This is definitely a 2.3 candidate (as are most of the checkins I've
made in the last month...)
2004-08-07 17:57:16 +00:00
Brett Cannon 711e7d97e4 Add PyArg_VaParseTupleAndKeywords(). Document this function and
PyArg_VaParse().

Closes patch #550732.  Thanks Greg Chapman.
2004-07-10 22:20:32 +00:00
Martin v. Löwis e6bbb4d16f Patch #684981: Add cleanup capability for argument parsers. Fixes 501716. 2003-05-03 10:00:22 +00:00
Guido van Rossum fce26e7f9f Roll back changes to 'h' format code -- too much breaks. Other
changes stay.
2003-04-18 00:12:30 +00:00
Thomas Heller a4ea603b05 SF # 595026: support for masks in getargs.c.
New functions:
  unsigned long PyInt_AsUnsignedLongMask(PyObject *);
  unsigned PY_LONG_LONG) PyInt_AsUnsignedLongLongMask(PyObject *);
  unsigned long PyLong_AsUnsignedLongMask(PyObject *);
  unsigned PY_LONG_LONG) PyLong_AsUnsignedLongLongMask(PyObject *);

New and changed format codes:

b unsigned char 0..UCHAR_MAX
B unsigned char none **
h unsigned short 0..USHRT_MAX
H unsigned short none **
i int INT_MIN..INT_MAX
I * unsigned int 0..UINT_MAX
l long LONG_MIN..LONG_MAX
k * unsigned long none
L long long LLONG_MIN..LLONG_MAX
K * unsigned long long none

Notes:

* New format codes.

** Changed from previous "range-and-a-half" to "none"; the
range-and-a-half checking wasn't particularly useful.

New test test_getargs2.py, to verify all this.
2003-04-17 18:55:45 +00:00
Martin v. Löwis b9a0f91218 Rename LONG_LONG to PY_LONG_LONG. Fixes #710285. 2003-03-29 10:06:18 +00:00
Neil Schemenauer 5042da6b1e If a float is passed where a int is expected, issue a DeprecationWarning
instead of raising a TypeError.  Closes #660144 (again).
2003-02-04 20:59:40 +00:00
Neil Schemenauer b808e99d34 Raise a TypeError if a float is passed when an integer is specified.
Calling PyInt_AsLong() on a float truncates it which is almost never
the desired behavior.  This closes SF bug #660144.
2003-01-24 22:15:21 +00:00
Walter Dörwald dffda2eaf9 Wrap uargs declaration in a #ifdef Py_USING_UNICODE, so that
the --disable-unicode build doesn't complain about an
unused variable.
2002-11-21 20:23:11 +00:00
Martin v. Löwis 75d2d94e0f Patch #554716: Use __va_copy where available. 2002-07-28 10:23:27 +00:00
Guido van Rossum 55474766f0 Fix by Greg Chapman from SF bug 534347: Potential AV in vgetargskeywords.
Bugfix candidate.
2002-04-04 16:22:30 +00:00
Marc-André Lemburg 3e3eacb5fc Fixed "u#" parser marker to pass through Unicode objects as-is without
going through the buffer interface API.

Added tests for this to the _testcapi module and updated docs.
2002-01-09 16:21:27 +00:00
Tim Peters faad5ad590 mysnprintf.c: Massive rewrite of PyOS_snprintf and PyOS_vsnprintf, to
use wrappers on all platforms, to make this as consistent as possible x-
platform (in particular, make sure there's at least one \0 byte in
the output buffer).  Also document more of the truth about what these do.

getargs.c, seterror():  Three computations of remaining buffer size were
backwards, thus telling PyOS_snprintf the buffer is larger than it
actually is.  This matters a lot now that PyOS_snprintf ensures there's a
trailing \0 byte (because it didn't get the truth about the buffer size,
it was storing \0 beyond the true end of the buffer).

sysmodule.c, mywrite():  Simplify, now that PyOS_vsnprintf guarantees to
produce a \0 byte.
2001-12-03 00:43:33 +00:00
Tim Peters cffed4bc21 SF bug 486278 SystemError: Python/getargs.c:1086: bad.
vgetargskeywords():  Now that this routine is checking for bad input
(rather than dump core in some cases), some bad calls are raising errors
that previously "worked".  This patch makes the error strings more
revealing, and changes the exceptions from SystemError to RuntimeError
(under the theory that SystemError is more of a "can't happen!" assert-
like thing, and so inappropriate for bad arguments to a public C API
function).
2001-11-29 03:26:37 +00:00
Jeremy Hylton b048b26db0 Two screwups fixed for sizeof(char *) instead of sizeof(char []).
Also change all the helper functions to pass along the size of the
msgbuf and use PyOS_snprintf() when writing into the buffer.
2001-11-28 22:14:37 +00:00
Jeremy Hylton f16e05e7ec Use PyOS_snprintf() at some cost even though it was correct before.
seterror() uses a char array and a pointer to the current position in
that array.  Use snprintf() and compute the amount of space left in
the buffer based on the current pointer position.
2001-11-28 21:46:59 +00:00
Jeremy Hylton 23ae987401 Use PyOS_snprintf when possible. 2001-11-28 20:29:22 +00:00
Marc-André Lemburg d4c0a9c59b Fixes for possible buffer overflows in sprintf() usages. 2001-11-28 11:47:00 +00:00
Tim Peters c2f011201a vgetargskeywords()
+ Squash another potential buffer overrun.
+ Simplify the keyword-arg loop by decrementing the count of keywords
  remaining instead of incrementing Yet Another Variable; also break
  out early if the number of keyword args remaining hits 0.

Since I hit the function's closing curly brace with this patch, that's
enough of this for now <wink>.
2001-10-27 07:25:06 +00:00
Tim Peters b639d49798 vgetargskeywords: Now that it's clear that nkwlist must equal max, and
we're ensuring that's true during the format parse, get rid of nkwlist.
2001-10-27 07:00:56 +00:00
Tim Peters dc5eff9170 vgetargskeywords: Prevent another potential sprintf buffer overrun. 2001-10-27 06:53:00 +00:00
Tim Peters 62d48e1735 vgetargskeywords: Verify kwlist has the required length while parsing
the format, instead of waiting until after we can overindex it by
mistake.
2001-10-27 06:42:16 +00:00