diff options
Diffstat (limited to 'Python')
| -rw-r--r-- | Python/errors.c | 3 | ||||
| -rw-r--r-- | Python/getargs.c | 7 | ||||
| -rw-r--r-- | Python/marshal.c | 38 | ||||
| -rw-r--r-- | Python/modsupport.c | 2 | ||||
| -rw-r--r-- | Python/mystrtoul.c | 12 | ||||
| -rw-r--r-- | Python/sysmodule.c | 2 |
6 files changed, 37 insertions, 27 deletions
diff --git a/Python/errors.c b/Python/errors.c index 7b71051..66a734e 100644 --- a/Python/errors.c +++ b/Python/errors.c @@ -551,7 +551,8 @@ PyErr_NewException(char *name, PyObject *base, PyObject *dict) goto failure; } if (PyDict_GetItemString(dict, "__module__") == NULL) { - modulename = PyString_FromStringAndSize(name, (int)(dot-name)); + modulename = PyString_FromStringAndSize(name, + (Py_ssize_t)(dot-name)); if (modulename == NULL) goto failure; if (PyDict_SetItemString(dict, "__module__", modulename) != 0) diff --git a/Python/getargs.c b/Python/getargs.c index b676a5e..a848116 100644 --- a/Python/getargs.c +++ b/Python/getargs.c @@ -815,7 +815,7 @@ convertsimple(PyObject *arg, const char **p_format, va_list *p_va, int flags, #endif else return converterr("string", arg, msgbuf, bufsize); - if ((int)strlen(*p) != PyString_Size(arg)) + if ((Py_ssize_t)strlen(*p) != PyString_Size(arg)) return converterr("string without null bytes", arg, msgbuf, bufsize); } @@ -882,7 +882,7 @@ convertsimple(PyObject *arg, const char **p_format, va_list *p_va, int flags, format++; } else if (*p != NULL && - (int)strlen(*p) != PyString_Size(arg)) + (Py_ssize_t)strlen(*p) != PyString_Size(arg)) return converterr( "string without null bytes or None", arg, msgbuf, bufsize); @@ -1029,7 +1029,8 @@ convertsimple(PyObject *arg, const char **p_format, va_list *p_va, int flags, PyMem_Free()ing it after usage */ - if ((int)strlen(PyString_AS_STRING(s)) != size) { + if ((Py_ssize_t)strlen(PyString_AS_STRING(s)) + != size) { Py_DECREF(s); return converterr( "(encoded string without NULL bytes)", diff --git a/Python/marshal.c b/Python/marshal.c index c3bc87f..776836e 100644 --- a/Python/marshal.c +++ b/Python/marshal.c @@ -546,6 +546,11 @@ r_object(RFILE *p) int size; PyLongObject *ob; n = r_long(p); + if (n < -INT_MAX || n > INT_MAX) { + PyErr_SetString(PyExc_ValueError, + "bad marshal data"); + return NULL; + } size = n<0 ? -n : n; ob = _PyLong_New(size); if (ob == NULL) @@ -654,7 +659,7 @@ r_object(RFILE *p) case TYPE_INTERNED: case TYPE_STRING: n = r_long(p); - if (n < 0) { + if (n < 0 || n > INT_MAX) { PyErr_SetString(PyExc_ValueError, "bad marshal data"); return NULL; } @@ -689,7 +694,7 @@ r_object(RFILE *p) char *buffer; n = r_long(p); - if (n < 0) { + if (n < 0 || n > INT_MAX) { PyErr_SetString(PyExc_ValueError, "bad marshal data"); return NULL; } @@ -710,7 +715,7 @@ r_object(RFILE *p) case TYPE_TUPLE: n = r_long(p); - if (n < 0) { + if (n < 0 || n > INT_MAX) { PyErr_SetString(PyExc_ValueError, "bad marshal data"); return NULL; } @@ -733,7 +738,7 @@ r_object(RFILE *p) case TYPE_LIST: n = r_long(p); - if (n < 0) { + if (n < 0 || n > INT_MAX) { PyErr_SetString(PyExc_ValueError, "bad marshal data"); return NULL; } @@ -831,10 +836,11 @@ r_object(RFILE *p) v = NULL; - argcount = r_long(p); - nlocals = r_long(p); - stacksize = r_long(p); - flags = r_long(p); + /* XXX ignore long->int overflows for now */ + argcount = (int)r_long(p); + nlocals = (int)r_long(p); + stacksize = (int)r_long(p); + flags = (int)r_long(p); code = r_object(p); if (code == NULL) goto code_error; @@ -859,7 +865,7 @@ r_object(RFILE *p) name = r_object(p); if (name == NULL) goto code_error; - firstlineno = r_long(p); + firstlineno = (int)r_long(p); lnotab = r_object(p); if (lnotab == NULL) goto code_error; @@ -1031,10 +1037,16 @@ PyMarshal_WriteObjectToString(PyObject *x, int version) wf.strings = (version > 0) ? PyDict_New() : NULL; w_object(x, &wf); Py_XDECREF(wf.strings); - if (wf.str != NULL) - _PyString_Resize(&wf.str, - (int) (wf.ptr - - PyString_AS_STRING((PyStringObject *)wf.str))); + if (wf.str != NULL) { + char *base = PyString_AS_STRING((PyStringObject *)wf.str); + if (wf.ptr - base > PY_SSIZE_T_MAX) { + Py_DECREF(wf.str); + PyErr_SetString(PyExc_OverflowError, + "too much marshall data for a string"); + return NULL; + } + _PyString_Resize(&wf.str, (Py_ssize_t)(wf.ptr - base)); + } if (wf.error) { Py_XDECREF(wf.str); PyErr_SetString(PyExc_ValueError, diff --git a/Python/modsupport.c b/Python/modsupport.c index e291014..1aa3df2 100644 --- a/Python/modsupport.c +++ b/Python/modsupport.c @@ -421,7 +421,7 @@ do_mkvalue(const char **p_format, va_list *p_va, int flags) "string too long for Python string"); return NULL; } - n = (int)m; + n = (Py_ssize_t)m; } v = PyString_FromStringAndSize(str, n); } diff --git a/Python/mystrtoul.c b/Python/mystrtoul.c index 0dda4be..f007057 100644 --- a/Python/mystrtoul.c +++ b/Python/mystrtoul.c @@ -195,13 +195,10 @@ overflowed: return (unsigned long)-1; } -/* Checking for overflow in PyOS_strtol is a PITA since C doesn't define - * anything about what happens when a signed integer operation overflows, - * and some compilers think they're doing you a favor by being "clever" - * then. Python assumes a 2's-complement representation, so that the bit - * pattern for the largest postive signed long is LONG_MAX, and for - * the smallest negative signed long is LONG_MAX + 1. +/* Checking for overflow in PyOS_strtol is a PITA; see comments + * about PY_ABS_LONG_MIN in longobject.c. */ +#define PY_ABS_LONG_MIN (0-(unsigned long)LONG_MIN) long PyOS_strtol(char *str, char **ptr, int base) @@ -224,8 +221,7 @@ PyOS_strtol(char *str, char **ptr, int base) if (sign == '-') result = -result; } - else if (sign == '-' && uresult == (unsigned long)LONG_MAX + 1) { - assert(LONG_MIN == -LONG_MAX-1); + else if (sign == '-' && uresult == PY_ABS_LONG_MIN) { result = LONG_MIN; } else { diff --git a/Python/sysmodule.c b/Python/sysmodule.c index 2dbe283..6fbaba50 100644 --- a/Python/sysmodule.c +++ b/Python/sysmodule.c @@ -1225,7 +1225,7 @@ makepathobject(char *path, int delim) p = strchr(path, delim); if (p == NULL) p = strchr(path, '\0'); /* End of string */ - w = PyString_FromStringAndSize(path, (int) (p - path)); + w = PyString_FromStringAndSize(path, (Py_ssize_t) (p - path)); if (w == NULL) { Py_DECREF(v); return NULL; |