[Python-checkins] CVS: python/dist/src/Python bltinmodule.c,2.162,2.163

Guido van Rossum python-dev@python.org
June 28, 2000 14:12:28 -0700


Update of /cvsroot/python/python/dist/src/Python
In directory slayer.i.sourceforge.net:/tmp/cvs-serv3006
Modified Files:
	bltinmodule.c 
Log Message:
Trent Mick:
Various small fixes to the builtin module to ensure no buffer
overflows.
- chunk #1: 
Proper casting to ensure no truncation, and hence no surprises, in the
comparison.
- chunk #2: 
The id() function guarantees a unique return value for different
objects. It does this by returning the pointer to the object. By
returning a PyInt, on Win64 (sizeof(long) < sizeof(void*)) the pointer
is truncated and the guarantee may be proven false. The appropriate
return function is PyLong_FromVoidPtr; this returns a PyLong if that
is necessary to return the pointer without truncation.
[GvR: note that this means that id() can now return a long on Win32
platforms. This *might* break some code...]
- chunk #3: 
Ensure no overflow in raw_input(). Granted the user would have to pass
in >2GB of data but it *is* a possible buffer overflow condition.
Index: bltinmodule.c
===================================================================
RCS file: /cvsroot/python/python/dist/src/Python/bltinmodule.c,v
retrieving revision 2.162
retrieving revision 2.163
diff -C2 -r2.162 -r2.163
*** bltinmodule.c	2000年06月20日 04:54:19	2.162
--- bltinmodule.c	2000年06月28日 21:12:25	2.163
***************
*** 833,837 ****
 	}
 	str = PyString_AsString(cmd);
! 	if ((int)strlen(str) != PyString_Size(cmd)) {
 		PyErr_SetString(PyExc_ValueError,
 			 "embedded '\0円' in string arg");
--- 833,837 ----
 	}
 	str = PyString_AsString(cmd);
! 	if (strlen(str) != (size_t)PyString_Size(cmd)) {
 		PyErr_SetString(PyExc_ValueError,
 			 "embedded '\0円' in string arg");
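Review bot: In the new comparison `strlen(str) != (size_t)PyString_Size(cmd)`, the cast to size_t turns any negative return from PyString_Size into a very large unsigned value. The comparison still fails safe, but the caller then sees the embedded-NUL ValueError instead of the real error. If PyString_Size can return a negative value at this point, test for that before the comparison; if the lines above this context already guarantee that cmd is a string, a short comment saying so would justify the cast.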
***************
*** 986,990 ****
 	if (!PyArg_ParseTuple(args, "O:id", &v))
 		return NULL;
! 	return PyInt_FromLong((long)v);
 }
 
--- 986,990 ----
 	if (!PyArg_ParseTuple(args, "O:id", &v))
 		return NULL;
! 	return PyLong_FromVoidPtr(v);
 }
 
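Review bot: The switch to `return PyLong_FromVoidPtr(v);` changes the Python type that id() can return, and nothing in the code records why. Add a comment above the return stating that the pointer must be returned without truncation because sizeof(long) can be smaller than sizeof(void*) (the Win64 case from the log message), and update the id() documentation so that callers which assume a plain int, for example when formatting the value or handing it to code that expects a C long, know the result may be a long.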
***************
*** 1874,1878 ****
 		}
 		else { /* strip trailing '\n' */
! 			result = PyString_FromStringAndSize(s, strlen(s)-1);
 		}
 		PyMem_FREE(s);
--- 1874,1885 ----
 		}
 		else { /* strip trailing '\n' */
! 			size_t len = strlen(s);
! 			if (len > INT_MAX) {
! 				PyErr_SetString(PyExc_OverflowError, "input too long");
! 				result = NULL;
! 			}
! 			else {
! 				result = PyString_FromStringAndSize(s, (int)(len-1));
! 			}
 		}
 		PyMem_FREE(s);
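Review bot: `(int)(len-1)` in the new else branch wraps when len is 0, because len is a size_t: len-1 becomes the maximum size_t value and the cast typically yields -1 as the length passed to PyString_FromStringAndSize. The pre-patch `strlen(s)-1` behaved the same way, and the branch elided above this context may already exclude an empty s, but the guard `if (len > INT_MAX)` does not cover that case by itself. Consider `if (len == 0 || len > INT_MAX)`, or a comment noting why len is at least 1 here. Also confirm that <limits.h> is included in this file so that INT_MAX is defined.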
