diff options
author | Serhiy Storchaka <storchaka@gmail.com> | 2018-07-16 06:10:19 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-07-16 06:10:19 (GMT) |
commit | bd47384e07bde38a8f18b90b4cea02a505d95c75 (patch) | |
tree | 032099abf31aac9d5c5e1ecf273f301ad2e8233a /Objects/codeobject.c | |
parent | 15c7b2abdfb93f8902dd72474818aee2bf97fa66 (diff) | |
download | cpython-bd47384e07bde38a8f18b90b4cea02a505d95c75.zip cpython-bd47384e07bde38a8f18b90b4cea02a505d95c75.tar.gz cpython-bd47384e07bde38a8f18b90b4cea02a505d95c75.tar.bz2 |
bpo-24618: Add a check in the code constructor. (GH-8283)
Check that the size of the varnames tuple is enough at least for all arguments.
Diffstat (limited to 'Objects/codeobject.c')
-rw-r--r-- | Objects/codeobject.c | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/Objects/codeobject.c b/Objects/codeobject.c index aa373a0..b07667c 100644 --- a/Objects/codeobject.c +++ b/Objects/codeobject.c @@ -103,7 +103,7 @@ PyCode_New(int argcount, int kwonlyargcount, { PyCodeObject *co; Py_ssize_t *cell2arg = NULL; - Py_ssize_t i, n_cellvars; + Py_ssize_t i, n_cellvars, n_varnames, total_args; /* Check argument types */ if (argcount < 0 || kwonlyargcount < 0 || nlocals < 0 || @@ -138,10 +138,22 @@ PyCode_New(int argcount, int kwonlyargcount, flags &= ~CO_NOFREE; } + n_varnames = PyTuple_GET_SIZE(varnames); + if (argcount <= n_varnames && kwonlyargcount <= n_varnames) { + /* Never overflows. */ + total_args = (Py_ssize_t)argcount + (Py_ssize_t)kwonlyargcount + + ((flags & CO_VARARGS) != 0) + ((flags & CO_VARKEYWORDS) != 0); + } + else { + total_args = n_varnames + 1; + } + if (total_args > n_varnames) { + PyErr_SetString(PyExc_ValueError, "code: varnames is too small"); + return NULL; + } + /* Create mapping between cells and arguments if needed. */ if (n_cellvars) { - Py_ssize_t total_args = argcount + kwonlyargcount + - ((flags & CO_VARARGS) != 0) + ((flags & CO_VARKEYWORDS) != 0); bool used_cell2arg = false; cell2arg = PyMem_NEW(Py_ssize_t, n_cellvars); if (cell2arg == NULL) { |