diff options
| author | Martin Panter <vadmium+py@gmail.com> | 2016-09-07 11:04:41 (GMT) |
|---|---|---|
| committer | Martin Panter <vadmium+py@gmail.com> | 2016-09-07 11:04:41 (GMT) |
| commit | 6eec87810fcf75249cb1060424f69ef5859e3fb1 (patch) | |
| tree | a22e65c1c04d94dcc3de2f46c7dd4f26701182f4 | |
| parent | 68b1f708bd27eb0551c26ae3dfcece71c12d2259 (diff) | |
| download | cpython-6eec87810fcf75249cb1060424f69ef5859e3fb1.zip cpython-6eec87810fcf75249cb1060424f69ef5859e3fb1.tar.gz cpython-6eec87810fcf75249cb1060424f69ef5859e3fb1.tar.bz2 | |
Issue #27570: Avoid zero-length memcpy() calls with null source pointers
| -rw-r--r-- | Lib/test/test_array.py | 16 | ||||
| -rw-r--r-- | Misc/NEWS | 3 | ||||
| -rw-r--r-- | Modules/_ctypes/_ctypes.c | 6 | ||||
| -rw-r--r-- | Modules/_ctypes/stgdict.c | 8 | ||||
| -rw-r--r-- | Modules/arraymodule.c | 24 |
5 files changed, 42 insertions, 15 deletions
diff --git a/Lib/test/test_array.py b/Lib/test/test_array.py index 9f5c09d..0e6f515 100644 --- a/Lib/test/test_array.py +++ b/Lib/test/test_array.py @@ -22,9 +22,9 @@ typecodes = "cbBhHiIlLfd" if test_support.have_unicode: typecodes += "u" -class BadConstructorTest(unittest.TestCase): +class MiscTest(unittest.TestCase): - def test_constructor(self): + def test_bad_constructor(self): self.assertRaises(TypeError, array.array) self.assertRaises(TypeError, array.array, spam=42) self.assertRaises(TypeError, array.array, 'xx') @@ -40,7 +40,17 @@ class BadConstructorTest(unittest.TestCase): self.assertRaises(ValueError, array.array, u'x') self.assertRaises(ValueError, array.array, u'\x80') -tests.append(BadConstructorTest) + def test_empty(self): + # Exercise code for handling zero-length arrays + a = array.array('B') + a[:] = a + self.assertEqual(len(a), 0) + self.assertEqual(len(a + a), 0) + self.assertEqual(len(a * 3), 0) + a += a + self.assertEqual(len(a), 0) + +tests.append(MiscTest) class BaseTest(unittest.TestCase): # Required class attributes (provided by subclasses @@ -40,6 +40,9 @@ Core and Builtins Library ------- +- Issue #27570: Avoid zero-length memcpy() etc calls with null source + pointers in the "ctypes" and "array" modules. + - lib2to3.pgen3.driver.load_grammar() now creates a stable cache file between runs given the same Grammar.txt input regardless of the hash randomization setting. diff --git a/Modules/_ctypes/_ctypes.c b/Modules/_ctypes/_ctypes.c index 421cdcc..a1c0be8 100644 --- a/Modules/_ctypes/_ctypes.c +++ b/Modules/_ctypes/_ctypes.c @@ -1426,8 +1426,10 @@ PyCArrayType_new(PyTypeObject *type, PyObject *args, PyObject *kwds) return NULL; } stgdict->shape[0] = length; - memmove(&stgdict->shape[1], itemdict->shape, - sizeof(Py_ssize_t) * (stgdict->ndim - 1)); + if (stgdict->ndim > 1) { + memmove(&stgdict->shape[1], itemdict->shape, + sizeof(Py_ssize_t) * (stgdict->ndim - 1)); + } itemsize = itemdict->size; if (length * itemsize < 0) { diff --git a/Modules/_ctypes/stgdict.c b/Modules/_ctypes/stgdict.c index 31528af..90ce3e5 100644 --- a/Modules/_ctypes/stgdict.c +++ b/Modules/_ctypes/stgdict.c @@ -395,9 +395,11 @@ PyCStructUnionType_update_stgdict(PyObject *type, PyObject *fields, int isStruct } memset(stgdict->ffi_type_pointer.elements, 0, sizeof(ffi_type *) * (basedict->length + len + 1)); - memcpy(stgdict->ffi_type_pointer.elements, - basedict->ffi_type_pointer.elements, - sizeof(ffi_type *) * (basedict->length)); + if (basedict->length > 0) { + memcpy(stgdict->ffi_type_pointer.elements, + basedict->ffi_type_pointer.elements, + sizeof(ffi_type *) * (basedict->length)); + } ffi_ofs = basedict->length; } else { offset = 0; diff --git a/Modules/arraymodule.c b/Modules/arraymodule.c index fcdd46a..9819141 100644 --- a/Modules/arraymodule.c +++ b/Modules/arraymodule.c @@ -620,8 +620,10 @@ array_slice(arrayobject *a, Py_ssize_t ilow, Py_ssize_t ihigh) np = (arrayobject *) newarrayobject(&Arraytype, ihigh - ilow, a->ob_descr); if (np == NULL) return NULL; - memcpy(np->ob_item, a->ob_item + ilow * a->ob_descr->itemsize, - (ihigh-ilow) * a->ob_descr->itemsize); + if (ihigh > ilow) { + memcpy(np->ob_item, a->ob_item + ilow * a->ob_descr->itemsize, + (ihigh-ilow) * a->ob_descr->itemsize); + } return (PyObject *)np; } @@ -660,9 +662,13 @@ array_concat(arrayobject *a, PyObject *bb) if (np == NULL) { return NULL; } - memcpy(np->ob_item, a->ob_item, Py_SIZE(a)*a->ob_descr->itemsize); - memcpy(np->ob_item + Py_SIZE(a)*a->ob_descr->itemsize, - b->ob_item, Py_SIZE(b)*b->ob_descr->itemsize); + if (Py_SIZE(a) > 0) { + memcpy(np->ob_item, a->ob_item, Py_SIZE(a)*a->ob_descr->itemsize); + } + if (Py_SIZE(b) > 0) { + memcpy(np->ob_item + Py_SIZE(a)*a->ob_descr->itemsize, + b->ob_item, Py_SIZE(b)*b->ob_descr->itemsize); + } return (PyObject *)np; #undef b } @@ -684,6 +690,8 @@ array_repeat(arrayobject *a, Py_ssize_t n) np = (arrayobject *) newarrayobject(&Arraytype, size, a->ob_descr); if (np == NULL) return NULL; + if (size == 0) + return (PyObject *)np; p = np->ob_item; nbytes = Py_SIZE(a) * a->ob_descr->itemsize; for (i = 0; i < n; i++) { @@ -838,8 +846,10 @@ array_do_extend(arrayobject *self, PyObject *bb) PyErr_NoMemory(); return -1; } - memcpy(self->ob_item + Py_SIZE(self)*self->ob_descr->itemsize, - b->ob_item, Py_SIZE(b)*b->ob_descr->itemsize); + if (Py_SIZE(b) > 0) { + memcpy(self->ob_item + Py_SIZE(self)*self->ob_descr->itemsize, + b->ob_item, Py_SIZE(b)*b->ob_descr->itemsize); + } Py_SIZE(self) = size; self->allocated = size; |