diff options
| author | Alexey Izbyshev <izbyshev@ispras.ru> | 2018-10-28 16:45:50 (GMT) |
|---|---|---|
| committer | Victor Stinner <vstinner@redhat.com> | 2018-10-28 16:45:50 (GMT) |
| commit | 3d4fabb2a424cb04ae446ebe4428090c386f45a5 (patch) | |
| tree | 31ba780345d92c1d73db0fcfe04995a360c3a0f2 /Modules | |
| parent | 68d6dc0770288075504635a8e42696070823fd69 (diff) | |
| download | cpython-3d4fabb2a424cb04ae446ebe4428090c386f45a5.zip cpython-3d4fabb2a424cb04ae446ebe4428090c386f45a5.tar.gz cpython-3d4fabb2a424cb04ae446ebe4428090c386f45a5.tar.bz2 | |
bpo-35090: Fix potential division by zero in allocator wrappers (GH-10174)
* Fix potential division by zero in BZ2_Malloc()
* Avoid division by zero in PyLzma_Malloc()
* Avoid division by zero and integer overflow in PyZlib_Malloc()
Reported by Svace static analyzer.
Diffstat (limited to 'Modules')
| -rw-r--r-- | Modules/_bz2module.c | 4 | ||||
| -rw-r--r-- | Modules/_lzmamodule.c | 2 | ||||
| -rw-r--r-- | Modules/zlibmodule.c | 4 |
3 files changed, 5 insertions, 5 deletions
diff --git a/Modules/_bz2module.c b/Modules/_bz2module.c index 3890b60..f0d9588 100644 --- a/Modules/_bz2module.c +++ b/Modules/_bz2module.c @@ -277,11 +277,11 @@ BZ2_Malloc(void* ctx, int items, int size) { if (items < 0 || size < 0) return NULL; - if ((size_t)items > (size_t)PY_SSIZE_T_MAX / (size_t)size) + if (size != 0 && (size_t)items > (size_t)PY_SSIZE_T_MAX / (size_t)size) return NULL; /* PyMem_Malloc() cannot be used: compress() and decompress() release the GIL */ - return PyMem_RawMalloc(items * size); + return PyMem_RawMalloc((size_t)items * (size_t)size); } static void diff --git a/Modules/_lzmamodule.c b/Modules/_lzmamodule.c index 7b501d8..bb7a7ec 100644 --- a/Modules/_lzmamodule.c +++ b/Modules/_lzmamodule.c @@ -108,7 +108,7 @@ catch_lzma_error(lzma_ret lzret) static void* PyLzma_Malloc(void *opaque, size_t items, size_t size) { - if (items > (size_t)PY_SSIZE_T_MAX / size) + if (size != 0 && items > (size_t)PY_SSIZE_T_MAX / size) return NULL; /* PyMem_Malloc() cannot be used: the GIL is not held when lzma_code() is called */ diff --git a/Modules/zlibmodule.c b/Modules/zlibmodule.c index 36a3835..00bbe21 100644 --- a/Modules/zlibmodule.c +++ b/Modules/zlibmodule.c @@ -117,11 +117,11 @@ newcompobject(PyTypeObject *type) static void* PyZlib_Malloc(voidpf ctx, uInt items, uInt size) { - if (items > (size_t)PY_SSIZE_T_MAX / size) + if (size != 0 && items > (size_t)PY_SSIZE_T_MAX / size) return NULL; /* PyMem_Malloc() cannot be used: the GIL is not held when inflate() and deflate() are called */ - return PyMem_RawMalloc(items * size); + return PyMem_RawMalloc((size_t)items * (size_t)size); } static void |