From 85634d7a2e4b864c4ca3baa591e9479ffd5a2540 Mon Sep 17 00:00:00 2001 From: Kristjan Valur Jonsson Date: Thu, 31 May 2012 09:37:31 +0000 Subject: Issue #14909: A number of places were using PyMem_Realloc() apis and PyObject_GC_Resize() with incorrect error handling. In case of errors, the original object would be leaked. This checkin fixes those cases. --- Modules/_localemodule.c | 5 +++-- Modules/_randommodule.c | 7 ++++--- Modules/unicodedata.c | 7 +++++-- Objects/frameobject.c | 6 ++++-- Objects/unicodeobject.c | 6 ++++-- 5 files changed, 20 insertions(+), 11 deletions(-) diff --git a/Modules/_localemodule.c b/Modules/_localemodule.c index 20c59a4..cc688ba 100644 --- a/Modules/_localemodule.c +++ b/Modules/_localemodule.c @@ -257,11 +257,12 @@ PyLocale_strxfrm(PyObject* self, PyObject* args) n2 = wcsxfrm(buf, s, n1); if (n2 >= (size_t)n1) { /* more space needed */ - buf = PyMem_Realloc(buf, (n2+1)*sizeof(wchar_t)); - if (!buf) { + wchar_t * new_buf = PyMem_Realloc(buf, (n2+1)*sizeof(wchar_t)); + if (!new_buf) { PyErr_NoMemory(); goto exit; } + buf = new_buf; n2 = wcsxfrm(buf, s, n2+1); } result = PyUnicode_FromWideChar(buf, n2); diff --git a/Modules/_randommodule.c b/Modules/_randommodule.c index bc9b04a..3c7d700 100644 --- a/Modules/_randommodule.c +++ b/Modules/_randommodule.c @@ -210,7 +210,7 @@ random_seed(RandomObject *self, PyObject *args) PyObject *masklower = NULL; PyObject *thirtytwo = NULL; PyObject *n = NULL; - unsigned long *key = NULL; + unsigned long *new_key, *key = NULL; unsigned long keymax; /* # of allocated slots in key */ unsigned long keyused; /* # of used slots in key */ int err; @@ -287,10 +287,11 @@ random_seed(RandomObject *self, PyObject *args) PyErr_NoMemory(); goto Done; } - key = (unsigned long *)PyMem_Realloc(key, + new_key = (unsigned long *)PyMem_Realloc(key, bigger * sizeof(*key)); - if (key == NULL) + if (new_key == NULL) goto Done; + key = new_key; keymax = bigger; } assert(keyused < keymax); diff --git a/Modules/unicodedata.c b/Modules/unicodedata.c index ed79165..5c982f5 100644 --- a/Modules/unicodedata.c +++ b/Modules/unicodedata.c @@ -526,13 +526,16 @@ nfd_nfkd(PyObject *self, PyObject *input, int k) /* Hangul Decomposition adds three characters in a single step, so we need atleast that much room. */ if (space < 3) { + Py_UCS4 *new_output; osize += 10; space += 10; - output = PyMem_Realloc(output, osize*sizeof(Py_UCS4)); - if (output == NULL) { + new_output = PyMem_Realloc(output, osize*sizeof(Py_UCS4)); + if (new_output == NULL) { + PyMem_Free(output); PyErr_NoMemory(); return NULL; } + output = new_output; } /* Hangul Decomposition. */ if (SBase <= code && code < (SBase+SCount)) { diff --git a/Objects/frameobject.c b/Objects/frameobject.c index 6208556..929385f 100644 --- a/Objects/frameobject.c +++ b/Objects/frameobject.c @@ -663,11 +663,13 @@ PyFrame_New(PyThreadState *tstate, PyCodeObject *code, PyObject *globals, f = free_list; free_list = free_list->f_back; if (Py_SIZE(f) < extras) { - f = PyObject_GC_Resize(PyFrameObject, f, extras); - if (f == NULL) { + PyFrameObject *new_f = PyObject_GC_Resize(PyFrameObject, f, extras); + if (new_f == NULL) { + PyObject_GC_Del(f); Py_DECREF(builtins); return NULL; } + f = new_f; } _Py_NewReference((PyObject *)f); } diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c index 874e80e..9e9378e 100644 --- a/Objects/unicodeobject.c +++ b/Objects/unicodeobject.c @@ -8343,13 +8343,15 @@ charmaptranslate_makespace(Py_UCS4 **outobj, Py_ssize_t *psize, Py_ssize_t requiredsize) { Py_ssize_t oldsize = *psize; + Py_UCS4 *new_outobj; if (requiredsize > oldsize) { /* exponentially overallocate to minimize reallocations */ if (requiredsize < 2 * oldsize) requiredsize = 2 * oldsize; - *outobj = PyMem_Realloc(*outobj, requiredsize * sizeof(Py_UCS4)); - if (*outobj == 0) + new_outobj = PyMem_Realloc(*outobj, requiredsize * sizeof(Py_UCS4)); + if (new_outobj == 0) return -1; + *outobj = new_outobj; *psize = requiredsize; } return 0; -- cgit v0.12