[Python-checkins] r62262 - in python/branches/release25-maint: Misc/NEWS Objects/stringobject.c

gregory.p.smith python-checkins at python.org
Thu Apr 10 01:41:13 CEST 2008

• Previous message: [Python-checkins] r62261 - python/trunk/Objects/bytesobject.c python/trunk/Objects/stringobject.c python/trunk/Objects/unicodeobject.c
• Next message: [Python-checkins] r62262 - in python/branches/release25-maint: Misc/NEWS Objects/stringobject.c
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Author: gregory.p.smith
Date: Thu Apr 10 01:41:13 2008
New Revision: 62262
Modified:
 python/branches/release25-maint/Misc/NEWS
 python/branches/release25-maint/Objects/stringobject.c
Log:
Backport r62261 from trunk:
Prevent PyString_FromStringAndSize() from passing negative sizes on to lower
level memory allocation functions. Raise a SystemError and return NULL
instead.
Modified: python/branches/release25-maint/Misc/NEWS
==============================================================================
--- python/branches/release25-maint/Misc/NEWS	(original)
+++ python/branches/release25-maint/Misc/NEWS	Thu Apr 10 01:41:13 2008
@@ -30,13 +30,15 @@
 - Issue #2238: Some syntax errors in *args and **kwargs expressions could give
 bogus error messages.
 
+- Issue #2587: In the C API, PyString_FromStringAndSize() takes a signed size
+ parameter but was not verifying that it was greater than zero. Values
+ less than zero will now raise a SystemError and return NULL to indicate a
+ bug in the calling C code.
+
 
 Library
 -------
 
-- zlib.decompressobj().flush(value) no longer crashes the interpreter when
- passed a value less than or equal to zero.
-
 - Issue #2495: tokenize.untokenize now inserts a space between two consecutive
 string literals; previously, ["" ""] was rendered as [""""], which is
 incorrect python code.
@@ -72,6 +74,9 @@
 Extension Modules
 -----------------
 
+- zlib.decompressobj().flush(value) no longer crashes the interpreter when
+ passed a value less than or equal to zero.
+
 Tests
 -----
 
Modified: python/branches/release25-maint/Objects/stringobject.c
==============================================================================
--- python/branches/release25-maint/Objects/stringobject.c	(original)
+++ python/branches/release25-maint/Objects/stringobject.c	Thu Apr 10 01:41:13 2008
@@ -54,6 +54,11 @@
 {
 	register PyStringObject *op;
 	assert(size >= 0);
+	if (size < 0) {
+		PyErr_SetString(PyExc_SystemError,
+		 "Negative size passed to PyString_FromStringAndSize");
+		return NULL;
+	}
 	if (size == 0 && (op = nullstring) != NULL) {
 #ifdef COUNT_ALLOCS
 		null_strings++;

---

• Previous message: [Python-checkins] r62261 - python/trunk/Objects/bytesobject.c python/trunk/Objects/stringobject.c python/trunk/Objects/unicodeobject.c
• Next message: [Python-checkins] r62262 - in python/branches/release25-maint: Misc/NEWS Objects/stringobject.c
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

More information about the Python-checkins mailing list