[Python-checkins] cpython (3.1): Issue #8650: Backport 64-bit safety fixes for compress() and decompress().

Sat May 14 22:34:48 CEST 2011

http://hg.python.org/cpython/rev/850624632e9a
changeset: 70103:850624632e9a
branch: 3.1
parent: 70099:6a45567c7245
user: Nadeem Vawda <nadeem.vawda at gmail.com>
date: Sat May 14 22:26:55 2011 +0200
summary:
 Issue #8650: Backport 64-bit safety fixes for compress() and decompress().
files:
 Lib/test/test_zlib.py | 11 +++++++++++
 Modules/zlibmodule.c | 31 +++++++++++++++++++++----------
 2 files changed, 32 insertions(+), 10 deletions(-)

diff --git a/Lib/test/test_zlib.py b/Lib/test/test_zlib.py
--- a/Lib/test/test_zlib.py
+++ b/Lib/test/test_zlib.py
@@ -186,6 +186,17 @@
 def test_big_decompress_buffer(self, size):
 self.check_big_decompress_buffer(size, zlib.decompress)
 
+ @precisionbigmemtest(size=_4G + 100, memuse=1)
+ def test_length_overflow(self, size):
+ if size < _4G + 100:
+ self.skipTest("not enough free memory, need at least 4 GB")
+ data = b'x' * size
+ try:
+ self.assertRaises(OverflowError, zlib.compress, data, 1)
+ self.assertRaises(OverflowError, zlib.decompress, data)
+ finally:
+ data = None
+
 
 class CompressObjectTestCase(BaseCompressTestCase, unittest.TestCase):
 # Test compression object
diff --git a/Modules/zlibmodule.c b/Modules/zlibmodule.c
--- a/Modules/zlibmodule.c
+++ b/Modules/zlibmodule.c
@@ -116,13 +116,20 @@
 {
 PyObject *ReturnVal = NULL;
 Py_buffer pinput;
- Byte *input, *output;
- int length, level=Z_DEFAULT_COMPRESSION, err;
+ Byte *input, *output = NULL;
+ unsigned int length;
+ int level=Z_DEFAULT_COMPRESSION, err;
 z_stream zst;
 
 /* require Python string object, optional 'level' arg */
 if (!PyArg_ParseTuple(args, "y*|i:compress", &pinput, &level))
 return NULL;
+
+ if (pinput.len > UINT_MAX) {
+ PyErr_SetString(PyExc_OverflowError,
+ "Size does not fit in an unsigned int");
+ goto error;
+ }
 input = pinput.buf;
 length = pinput.len;
 
@@ -130,10 +137,9 @@
 
 output = (Byte*)malloc(zst.avail_out);
 if (output == NULL) {
- PyBuffer_Release(&pinput);
 PyErr_SetString(PyExc_MemoryError,
 "Can't allocate memory to compress data");
- return NULL;
+ goto error;
 }
 
 /* Past the point of no return. From here on out, we need to make sure
@@ -196,10 +202,11 @@
 static PyObject *
 PyZlib_decompress(PyObject *self, PyObject *args)
 {
- PyObject *result_str;
+ PyObject *result_str = NULL;
 Py_buffer pinput;
 Byte *input;
- int length, err;
+ unsigned int length;
+ int err;
 int wsize=DEF_WBITS;
 Py_ssize_t r_strlen=DEFAULTALLOC;
 z_stream zst;
@@ -207,6 +214,12 @@
 if (!PyArg_ParseTuple(args, "y*|in:decompress",
 &pinput, &wsize, &r_strlen))
 return NULL;
+
+ if (pinput.len > UINT_MAX) {
+ PyErr_SetString(PyExc_OverflowError,
+ "Size does not fit in an unsigned int");
+ goto error;
+ }
 input = pinput.buf;
 length = pinput.len;
 
@@ -216,10 +229,8 @@
 zst.avail_in = length;
 zst.avail_out = r_strlen;
 
- if (!(result_str = PyBytes_FromStringAndSize(NULL, r_strlen))) {
- PyBuffer_Release(&pinput);
- return NULL;
- }
+ if (!(result_str = PyBytes_FromStringAndSize(NULL, r_strlen)))
+ goto error;
 
 zst.zalloc = (alloc_func)NULL;
 zst.zfree = (free_func)Z_NULL;
-- 
Repository URL: http://hg.python.org/cpython
