summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGuido van Rossum <guido@python.org>2000-04-10 12:46:51 (GMT)
committerGuido van Rossum <guido@python.org>2000-04-10 12:46:51 (GMT)
commit5db862dd0cae0077b09a765220bb358e0e129449 (patch)
tree997e545b6dab223b7828d96ac9c39f26e5fe4d14
parentfa972c987c394507ca6fb76de5ef0b47e9301226 (diff)
downloadcpython-5db862dd0cae0077b09a765220bb358e0e129449.zip
cpython-5db862dd0cae0077b09a765220bb358e0e129449.tar.gz
cpython-5db862dd0cae0077b09a765220bb358e0e129449.tar.bz2
Skip Montanaro: add string precisions to calls to PyErr_Format
to prevent possible buffer overruns.
-rw-r--r--Modules/pyexpat.c2
-rw-r--r--Objects/object.c4
-rw-r--r--Objects/unicodeobject.c44
-rw-r--r--Python/ceval.c2
-rw-r--r--Python/dynload_next.c4
5 files changed, 29 insertions, 27 deletions
diff --git a/Modules/pyexpat.c b/Modules/pyexpat.c
index db0ae85..e98f393 100644
--- a/Modules/pyexpat.c
+++ b/Modules/pyexpat.c
@@ -307,7 +307,7 @@ xmlparse_Parse( xmlparseobject *self, PyObject *args )
return NULL;
}
else if (rv == 0) {
- PyErr_Format(ErrorObject, "%s: line %i, column %i",
+ PyErr_Format(ErrorObject, "%.200s: line %i, column %i",
XML_ErrorString( XML_GetErrorCode(self->itself) ),
XML_GetErrorLineNumber(self->itself),
XML_GetErrorColumnNumber(self->itself) );
diff --git a/Objects/object.c b/Objects/object.c
index ab10e3e..265ab9b 100644
--- a/Objects/object.c
+++ b/Objects/object.c
@@ -236,7 +236,7 @@ PyObject_Repr(v)
return NULL;
if (!PyString_Check(res)) {
PyErr_Format(PyExc_TypeError,
- "__repr__ returned non-string (type %s)",
+ "__repr__ returned non-string (type %.200s)",
res->ob_type->tp_name);
Py_DECREF(res);
return NULL;
@@ -273,7 +273,7 @@ PyObject_Str(v)
return NULL;
if (!PyString_Check(res)) {
PyErr_Format(PyExc_TypeError,
- "__str__ returned non-string (type %s)",
+ "__str__ returned non-string (type %.200s)",
res->ob_type->tp_name);
Py_DECREF(res);
return NULL;
diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
index e4bbcff..76fb175 100644
--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c
@@ -365,7 +365,7 @@ PyObject *PyUnicode_Decode(const char *s,
goto onError;
if (!PyUnicode_Check(unicode)) {
PyErr_Format(PyExc_TypeError,
- "decoder did not return an unicode object (type=%s)",
+ "decoder did not return an unicode object (type=%.400s)",
unicode->ob_type->tp_name);
Py_DECREF(unicode);
goto onError;
@@ -416,7 +416,7 @@ PyObject *PyUnicode_AsEncodedString(PyObject *unicode,
/* XXX Should we really enforce this ? */
if (!PyString_Check(v)) {
PyErr_Format(PyExc_TypeError,
- "encoder did not return a string object (type=%s)",
+ "encoder did not return a string object (type=%.400s)",
v->ob_type->tp_name);
Py_DECREF(v);
goto onError;
@@ -484,7 +484,7 @@ int utf8_decoding_error(const char **source,
if ((errors == NULL) ||
(strcmp(errors,"strict") == 0)) {
PyErr_Format(PyExc_UnicodeError,
- "UTF-8 decoding error: %s",
+ "UTF-8 decoding error: %.400s",
details);
return -1;
}
@@ -500,7 +500,7 @@ int utf8_decoding_error(const char **source,
}
else {
PyErr_Format(PyExc_ValueError,
- "UTF-8 decoding error; unknown error handling code: %s",
+ "UTF-8 decoding error; unknown error handling code: %.400s",
errors);
return -1;
}
@@ -607,7 +607,7 @@ int utf8_encoding_error(const Py_UNICODE **source,
if ((errors == NULL) ||
(strcmp(errors,"strict") == 0)) {
PyErr_Format(PyExc_UnicodeError,
- "UTF-8 encoding error: %s",
+ "UTF-8 encoding error: %.400s",
details);
return -1;
}
@@ -622,7 +622,7 @@ int utf8_encoding_error(const Py_UNICODE **source,
else {
PyErr_Format(PyExc_ValueError,
"UTF-8 encoding error; "
- "unknown error handling code: %s",
+ "unknown error handling code: %.400s",
errors);
return -1;
}
@@ -728,7 +728,7 @@ int utf16_decoding_error(const Py_UNICODE **source,
if ((errors == NULL) ||
(strcmp(errors,"strict") == 0)) {
PyErr_Format(PyExc_UnicodeError,
- "UTF-16 decoding error: %s",
+ "UTF-16 decoding error: %.400s",
details);
return -1;
}
@@ -744,7 +744,7 @@ int utf16_decoding_error(const Py_UNICODE **source,
}
else {
PyErr_Format(PyExc_ValueError,
- "UTF-16 decoding error; unknown error handling code: %s",
+ "UTF-16 decoding error; unknown error handling code: %.400s",
errors);
return -1;
}
@@ -918,7 +918,7 @@ int unicodeescape_decoding_error(const char **source,
if ((errors == NULL) ||
(strcmp(errors,"strict") == 0)) {
PyErr_Format(PyExc_UnicodeError,
- "Unicode-Escape decoding error: %s",
+ "Unicode-Escape decoding error: %.400s",
details);
return -1;
}
@@ -932,7 +932,7 @@ int unicodeescape_decoding_error(const char **source,
else {
PyErr_Format(PyExc_ValueError,
"Unicode-Escape decoding error; "
- "unknown error handling code: %s",
+ "unknown error handling code: %.400s",
errors);
return -1;
}
@@ -1296,7 +1296,7 @@ int latin1_encoding_error(const Py_UNICODE **source,
if ((errors == NULL) ||
(strcmp(errors,"strict") == 0)) {
PyErr_Format(PyExc_UnicodeError,
- "Latin-1 encoding error: %s",
+ "Latin-1 encoding error: %.400s",
details);
return -1;
}
@@ -1310,7 +1310,7 @@ int latin1_encoding_error(const Py_UNICODE **source,
else {
PyErr_Format(PyExc_ValueError,
"Latin-1 encoding error; "
- "unknown error handling code: %s",
+ "unknown error handling code: %.400s",
errors);
return -1;
}
@@ -1366,7 +1366,7 @@ int ascii_decoding_error(const char **source,
if ((errors == NULL) ||
(strcmp(errors,"strict") == 0)) {
PyErr_Format(PyExc_UnicodeError,
- "ASCII decoding error: %s",
+ "ASCII decoding error: %.400s",
details);
return -1;
}
@@ -1381,7 +1381,7 @@ int ascii_decoding_error(const char **source,
else {
PyErr_Format(PyExc_ValueError,
"ASCII decoding error; "
- "unknown error handling code: %s",
+ "unknown error handling code: %.400s",
errors);
return -1;
}
@@ -1429,7 +1429,7 @@ int ascii_encoding_error(const Py_UNICODE **source,
if ((errors == NULL) ||
(strcmp(errors,"strict") == 0)) {
PyErr_Format(PyExc_UnicodeError,
- "ASCII encoding error: %s",
+ "ASCII encoding error: %.400s",
details);
return -1;
}
@@ -1443,7 +1443,7 @@ int ascii_encoding_error(const Py_UNICODE **source,
else {
PyErr_Format(PyExc_ValueError,
"ASCII encoding error; "
- "unknown error handling code: %s",
+ "unknown error handling code: %.400s",
errors);
return -1;
}
@@ -1558,7 +1558,7 @@ int charmap_decoding_error(const char **source,
if ((errors == NULL) ||
(strcmp(errors,"strict") == 0)) {
PyErr_Format(PyExc_UnicodeError,
- "charmap decoding error: %s",
+ "charmap decoding error: %.400s",
details);
return -1;
}
@@ -1573,7 +1573,7 @@ int charmap_decoding_error(const char **source,
else {
PyErr_Format(PyExc_ValueError,
"charmap decoding error; "
- "unknown error handling code: %s",
+ "unknown error handling code: %.400s",
errors);
return -1;
}
@@ -1674,7 +1674,7 @@ int charmap_encoding_error(const Py_UNICODE **source,
if ((errors == NULL) ||
(strcmp(errors,"strict") == 0)) {
PyErr_Format(PyExc_UnicodeError,
- "charmap encoding error: %s",
+ "charmap encoding error: %.400s",
details);
return -1;
}
@@ -1689,7 +1689,7 @@ int charmap_encoding_error(const Py_UNICODE **source,
else {
PyErr_Format(PyExc_ValueError,
"charmap encoding error; "
- "unknown error handling code: %s",
+ "unknown error handling code: %.400s",
errors);
return -1;
}
@@ -1806,7 +1806,7 @@ int translate_error(const Py_UNICODE **source,
if ((errors == NULL) ||
(strcmp(errors,"strict") == 0)) {
PyErr_Format(PyExc_UnicodeError,
- "translate error: %s",
+ "translate error: %.400s",
details);
return -1;
}
@@ -1821,7 +1821,7 @@ int translate_error(const Py_UNICODE **source,
else {
PyErr_Format(PyExc_ValueError,
"translate error; "
- "unknown error handling code: %s",
+ "unknown error handling code: %.400s",
errors);
return -1;
}
diff --git a/Python/ceval.c b/Python/ceval.c
index f225446..989e17f 100644
--- a/Python/ceval.c
+++ b/Python/ceval.c
@@ -2513,7 +2513,7 @@ call_function(func, arg, kw)
else {
if (!PyFunction_Check(func)) {
PyErr_Format(PyExc_TypeError,
- "call of non-function (type %s)",
+ "call of non-function (type %.200s)",
func->ob_type->tp_name);
return NULL;
}
diff --git a/Python/dynload_next.c b/Python/dynload_next.c
index 5088b05..08a6d7c 100644
--- a/Python/dynload_next.c
+++ b/Python/dynload_next.c
@@ -185,7 +185,9 @@ dl_funcptr _PyImport_GetDynLoadFunc(const char *fqname, const char *shortname,
if (!NSIsSymbolNameDefined(funcname)) {
/* UnlinkModule() isn't implimented in current versions, but calling it does no harm */
NSUnLinkModule(newModule, FALSE);
- PyErr_Format(PyExc_ImportError, "Loaded module does not contain symbol %s", funcname);
+ PyErr_Format(PyExc_ImportError,
+ "Loaded module does not contain symbol %.200s",
+ funcname);
return NULL;
}
theSym = NSLookupAndBindSymbol(funcname);