summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSerhiy Storchaka <storchaka@gmail.com>2015-02-16 11:16:07 (GMT)
committerSerhiy Storchaka <storchaka@gmail.com>2015-02-16 11:16:07 (GMT)
commita2269d074b02440b7a9c22115454ad7e33aeb3f4 (patch)
tree308cd69b9f0f75f2d1a0074b15c39a5b043c48e9
parente8d750c05bba752215d842968dae24c151df561e (diff)
downloadcpython-a2269d074b02440b7a9c22115454ad7e33aeb3f4.zip
cpython-a2269d074b02440b7a9c22115454ad7e33aeb3f4.tar.gz
cpython-a2269d074b02440b7a9c22115454ad7e33aeb3f4.tar.bz2
Issue #23446: Use PyMem_New instead of PyMem_Malloc to avoid possible integer
overflows. Added few missed PyErr_NoMemory().
-rw-r--r--Modules/_ctypes/_ctypes.c9
-rw-r--r--Modules/_ctypes/stgdict.c12
-rw-r--r--Modules/_localemodule.c4
-rw-r--r--Modules/_ssl.c7
-rw-r--r--Python/peephole.c8
5 files changed, 25 insertions, 15 deletions
diff --git a/Modules/_ctypes/_ctypes.c b/Modules/_ctypes/_ctypes.c
index 39e1ce4..555600d 100644
--- a/Modules/_ctypes/_ctypes.c
+++ b/Modules/_ctypes/_ctypes.c
@@ -4469,8 +4469,11 @@ Array_subscript(PyObject *_self, PyObject *item)
slicelen);
}
- dest = (wchar_t *)PyMem_Malloc(
- slicelen * sizeof(wchar_t));
+ dest = PyMem_New(wchar_t, slicelen);
+ if (dest == NULL) {
+ PyErr_NoMemory();
+ return NULL;
+ }
for (cur = start, i = 0; i < slicelen;
cur += step, i++) {
@@ -5250,7 +5253,7 @@ Pointer_subscript(PyObject *_self, PyObject *item)
return PyUnicode_FromWideChar(ptr + start,
len);
}
- dest = (wchar_t *)PyMem_Malloc(len * sizeof(wchar_t));
+ dest = PyMem_New(wchar_t, len);
if (dest == NULL)
return PyErr_NoMemory();
for (cur = start, i = 0; i < len; cur += step, i++) {
diff --git a/Modules/_ctypes/stgdict.c b/Modules/_ctypes/stgdict.c
index 95fa0f5..17b9760 100644
--- a/Modules/_ctypes/stgdict.c
+++ b/Modules/_ctypes/stgdict.c
@@ -80,14 +80,18 @@ PyCStgDict_clone(StgDictObject *dst, StgDictObject *src)
if (src->format) {
dst->format = PyMem_Malloc(strlen(src->format) + 1);
- if (dst->format == NULL)
+ if (dst->format == NULL) {
+ PyErr_NoMemory();
return -1;
+ }
strcpy(dst->format, src->format);
}
if (src->shape) {
dst->shape = PyMem_Malloc(sizeof(Py_ssize_t) * src->ndim);
- if (dst->shape == NULL)
+ if (dst->shape == NULL) {
+ PyErr_NoMemory();
return -1;
+ }
memcpy(dst->shape, src->shape,
sizeof(Py_ssize_t) * src->ndim);
}
@@ -388,7 +392,7 @@ PyCStructUnionType_update_stgdict(PyObject *type, PyObject *fields, int isStruct
union_size = 0;
total_align = align ? align : 1;
stgdict->ffi_type_pointer.type = FFI_TYPE_STRUCT;
- stgdict->ffi_type_pointer.elements = PyMem_Malloc(sizeof(ffi_type *) * (basedict->length + len + 1));
+ stgdict->ffi_type_pointer.elements = PyMem_New(ffi_type *, basedict->length + len + 1);
if (stgdict->ffi_type_pointer.elements == NULL) {
PyErr_NoMemory();
return -1;
@@ -406,7 +410,7 @@ PyCStructUnionType_update_stgdict(PyObject *type, PyObject *fields, int isStruct
union_size = 0;
total_align = 1;
stgdict->ffi_type_pointer.type = FFI_TYPE_STRUCT;
- stgdict->ffi_type_pointer.elements = PyMem_Malloc(sizeof(ffi_type *) * (len + 1));
+ stgdict->ffi_type_pointer.elements = PyMem_New(ffi_type *, len + 1);
if (stgdict->ffi_type_pointer.elements == NULL) {
PyErr_NoMemory();
return -1;
diff --git a/Modules/_localemodule.c b/Modules/_localemodule.c
index 253a4dc..fe7b098 100644
--- a/Modules/_localemodule.c
+++ b/Modules/_localemodule.c
@@ -314,7 +314,7 @@ PyLocale_strcoll(PyObject* self, PyObject* args)
}
/* Convert the unicode strings to wchar[]. */
len1 = PyUnicode_GET_SIZE(os1) + 1;
- ws1 = PyMem_MALLOC(len1 * sizeof(wchar_t));
+ ws1 = PyMem_NEW(wchar_t, len1);
if (!ws1) {
PyErr_NoMemory();
goto done;
@@ -323,7 +323,7 @@ PyLocale_strcoll(PyObject* self, PyObject* args)
goto done;
ws1[len1 - 1] = 0;
len2 = PyUnicode_GET_SIZE(os2) + 1;
- ws2 = PyMem_MALLOC(len2 * sizeof(wchar_t));
+ ws2 = PyMem_NEW(wchar_t, len2);
if (!ws2) {
PyErr_NoMemory();
goto done;
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 9dc0859..e0d888e 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -3891,10 +3891,11 @@ static int _setup_ssl_threads(void) {
if (_ssl_locks == NULL) {
_ssl_locks_count = CRYPTO_num_locks();
- _ssl_locks = (PyThread_type_lock *)
- PyMem_Malloc(sizeof(PyThread_type_lock) * _ssl_locks_count);
- if (_ssl_locks == NULL)
+ _ssl_locks = PyMem_New(PyThread_type_lock, _ssl_locks_count);
+ if (_ssl_locks == NULL) {
+ PyErr_NoMemory();
return 0;
+ }
memset(_ssl_locks, 0,
sizeof(PyThread_type_lock) * _ssl_locks_count);
for (i = 0; i < _ssl_locks_count; i++) {
diff --git a/Python/peephole.c b/Python/peephole.c
index fb6cd03..e3bc004 100644
--- a/Python/peephole.c
+++ b/Python/peephole.c
@@ -242,7 +242,7 @@ fold_unaryops_on_constants(unsigned char *codestr, PyObject *consts)
static unsigned int *
markblocks(unsigned char *code, Py_ssize_t len)
{
- unsigned int *blocks = (unsigned int *)PyMem_Malloc(len*sizeof(int));
+ unsigned int *blocks = PyMem_New(unsigned int, len);
int i,j, opcode, blockcnt = 0;
if (blocks == NULL) {
@@ -343,9 +343,11 @@ PyCode_Optimize(PyObject *code, PyObject* consts, PyObject *names,
goto exitUnchanged;
/* Mapping to new jump targets after NOPs are removed */
- addrmap = (int *)PyMem_Malloc(codelen * sizeof(int));
- if (addrmap == NULL)
+ addrmap = PyMem_New(int, codelen);
+ if (addrmap == NULL) {
+ PyErr_NoMemory();
goto exitError;
+ }
blocks = markblocks(codestr, codelen);
if (blocks == NULL)