Added checks for integer overflows, contributed by Google. Some are
only available if asserts are left in the code, in cases where they
can't be triggered from Python code.
function can be called recursively.
This was discussed in issue1020188.
In python codebase, all occurrences of Py_[X]DECREF(xxx->yyy) are suspect,
except when they appear in tp_new or tp_dealloc functions, or when
the member cannot be of a user-defined class.
Note that tp_init is not safe.
I do have a (crashing) example for every changed line.
Is it worth adding them to the test suite?
Example:
class SpecialStr(str):
def __del__(self):
s.close()
import cStringIO
s = cStringIO.StringIO(SpecialStr("text"))
s.close() # Segfault
In C++, it's an error to pass a string literal to a char* function
without a const_cast(). Rather than require every C++ extension
module to put a cast around string literals, fix the API to state the
const-ness.
I focused on parts of the API where people usually pass literals:
PyArg_ParseTuple() and friends, Py_BuildValue(), PyMethodDef, the type
slots, etc. Predictably, there were a large set of functions that
needed to be fixed as a result of these changes. The most pervasive
change was to make the keyword args list passed to
PyArg_ParseTupleAndKewords() to be a const char *kwlist[].
One cast was required as a result of the changes: A type object
mallocs the memory for its tp_doc slot and later frees it.
PyTypeObject says that tp_doc is const char *; but if the type was
created by type_new(), we know it is safe to cast to char *.
truncate() left the stream position unchanged, which meant the
"truncated" data didn't go away:
>>> io.write('abc')
>>> io.truncate(0)
>>> io.write('xyz')
>>> io.getvalue()
'abcxyz'
Patch by Dima Dorfman.
The writelines() method now accepts any iterable argument and writes
the lines one at a time rather than using ''.join(lines) followed by
a single write. Results in considerable memory savings and makes
the method suitable for use with generator expressions.
