From fd24f9e51e80fb050e4239f6909eaff2d29ec30d Mon Sep 17 00:00:00 2001 From: Stefan Krah Date: Mon, 20 Aug 2012 11:04:24 +0200 Subject: Issue #15732: Fix (constructed) crash in _PySequence_BytesToCharpArray(). Found by Coverity. --- Lib/test/test_capi.py | 13 +++++++++++++ Objects/abstract.c | 5 +++++ 2 files changed, 18 insertions(+) diff --git a/Lib/test/test_capi.py b/Lib/test/test_capi.py index c2c633f..0307394 100644 --- a/Lib/test/test_capi.py +++ b/Lib/test/test_capi.py @@ -11,6 +11,10 @@ import time import unittest from test import support try: + import _posixsubprocess +except ImportError: + _posixsubprocess = None +try: import threading except ImportError: threading = None @@ -55,6 +59,15 @@ class CAPITest(unittest.TestCase): def test_memoryview_from_NULL_pointer(self): self.assertRaises(ValueError, _testcapi.make_memoryview_from_NULL_pointer) + @unittest.skipUnless(_posixsubprocess, '_posixsubprocess required for this test.') + def test_seq_bytes_to_charp_array(self): + # Issue #15732: crash in _PySequence_BytesToCharpArray() + class Z(object): + def __len__(self): + return 1 + self.assertRaises(TypeError, _posixsubprocess.fork_exec, + 1,Z(),3,[1, 2],5,6,7,8,9,10,11,12,13,14,15,16,17) + @unittest.skipUnless(threading, 'Threading required for this test.') class TestPendingCalls(unittest.TestCase): diff --git a/Objects/abstract.c b/Objects/abstract.c index 2f887aa..299daf5 100644 --- a/Objects/abstract.c +++ b/Objects/abstract.c @@ -2736,6 +2736,11 @@ _PySequence_BytesToCharpArray(PyObject* self) for (i = 0; i < argc; ++i) { char *data; item = PySequence_GetItem(self, i); + if (item == NULL) { + /* NULL terminate before freeing. */ + array[i] = NULL; + goto fail; + } data = PyBytes_AsString(item); if (data == NULL) { /* NULL terminate before freeing. */ -- cgit v0.12