parameter but was not verifying that it was greater than zero. Values
less than zero will now raise a SystemError and return NULL to indicate a
bug in the calling C code. CVE-2008-1887.
backport r62261, r62271
to the signed max value similar to 2.5 and trunk.
Issue #2620: Overflow checking when allocating or reallocating memory
was not always being done properly in some python types and extension
modules. PyMem_MALLOC, PyMem_REALLOC, PyMem_NEW and PyMem_RESIZE have
all been updated to perform better checks and places in the code that
would previously leak memory on the error path when such an allocation
failed have been fixed.
Added checks for integer overflows, contributed by Google. Some are
only available if asserts are left in the code, in cases where they
can't be triggered from Python code.
SF patch #1630975: Fix crash when replacing sys.stdout in sitecustomize
When running the interpreter in an environment that would cause it to set
stdout/stderr/stdin's encoding, having a sitecustomize that would replace
them with something other than PyFile objects would crash the interpreter.
Fix it by simply ignoring the encoding-setting for non-files.
This could do with a test, but I can think of no maintainable and portable
way to test this bug, short of adding a sitecustomize.py to the buildsystem
and have it always run with it (hmmm....)
about truly wrong code.
Checkin comment from 51262:
Can't return NULL from a void function. If there is a memory error,
about the best we can do is call PyErr_WriteUnraisable and go on.
We won't be able to do the call below either, so verify delstr is valid.
fixing an unlikely crash bug in dict resizing, SF
bug 1456209.
The rest of rev 46589 changes whether Python suppresses
exceptions during some dict-related comparisons. While I
think that's a good idea, it does change visible behavior at
times, and there was already some complaining about that on
the trunk. Not a good idea for backporting. The part of
46589 checked in here can at worst stop segfaults, and I doubt
anyone will gripe about that ;-)
Fix problems found by Coverity.
longobject.c: also fix an ssize_t problem
<a> could have been NULL, so hoist the size calc to not use <a>.
[The ssize_t change isn't needed for 2.4. The other changes in this revision
are to modules not present in 2.4. --amk]
Fix three nits found by Coverity, adding null checks and comments.
[This commit only makes two changes. One change in the original patch
is just adding a comment, and another adds a 'base != NULL' check to
silence Coverity, but a comment adds that that base is never going to
be NULL. I didn't backport that change. --amk]
backported.]
Use sizeof(buffer) instead of duplicating the constants to ensure they won't
be wrong.
The real change is to pass (bufsz - 1) to PyOS_ascii_formatd and 1
to strncat. strncat copies n+1 bytes from src (not dest).
Reported by Klocwork #58.
PyFunction_SetDefaults() is documented as taking None or a tuple.
A NULL would crash the PyTuple_Check(). Now make NULL return a SystemError.
Reported by Klocwork #73.
Handle a whole lot of failures from PyString_FromInternedString().
Should fix most of Klocwork 234-272.
[Backport r51400 | neal.norwitz]
Move initialization of interned strings to before allocating the
object so we don't leak op. (Fixes an earlier patch to this code)
Klockwork #350
and _elementtree.c weren't applicable]
Klocwork made another run and found a bunch more problems.
This is the first batch of fixes that should be easy to verify based on context.
This fixes problem numbers: 220 (ast), 323-324 (symtable),
321-322 (structseq), 215 (array), 210 (hotshot), 182 (codecs), 209 (etree).
* unified the way intobject, longobject and mystrtoul handle
values around -sys.maxint-1.
* in general, trying to entierely avoid overflows in any computation
involving signed ints or longs is extremely involved. Fixed a few
simple cases where a compiler might be too clever (but that's all
guesswork).
* more overflow checks against bad data in marshal.c.
Move the initialization of size_a down below the check for a being NULL.
Reported by Klocwork #106.
[Slight change required: in 2.5 Py_ssize_t is used, but 2.4 uses int.]
Stop INCREFing name, then checking if it's NULL. name (f_name) should never
be NULL so assert it. Fix one place where we could have passed NULL.
Reported by Klocwork #66.
