diff options
| author | Gregory P. Smith <greg@mad-scientist.com> | 2008-07-22 04:46:32 +0000 |
|---|---|---|
| committer | Gregory P. Smith <greg@mad-scientist.com> | 2008-07-22 04:46:32 +0000 |
| commit | 0470bab69783c13447cb634fa403ef1067fe56d1 (patch) | |
| tree | 8930faf64b2224f282512ff18a41bb0b338beded /Modules | |
| parent | f5574a0c290aac0ec581415fdd343641c00d5d42 (diff) | |
| download | cpython-git-0470bab69783c13447cb634fa403ef1067fe56d1.tar.gz | |
Issue #2620: Overflow checking when allocating or reallocating memory
was not always being done properly in some python types and extension
modules. PyMem_MALLOC, PyMem_REALLOC, PyMem_NEW and PyMem_RESIZE have
all been updated to perform better checks and places in the code that
would previously leak memory on the error path when such an allocation
failed have been fixed.
Diffstat (limited to 'Modules')
| -rw-r--r-- | Modules/almodule.c | 2 | ||||
| -rw-r--r-- | Modules/arraymodule.c | 5 | ||||
| -rw-r--r-- | Modules/selectmodule.c | 4 |
3 files changed, 9 insertions, 2 deletions
diff --git a/Modules/almodule.c b/Modules/almodule.c index 7f48fffed4..93f26bd48e 100644 --- a/Modules/almodule.c +++ b/Modules/almodule.c @@ -1633,9 +1633,11 @@ al_QueryValues(PyObject *self, PyObject *args) if (nvals < 0) goto cleanup; if (nvals > setsize) { + ALvalue *old_return_set = return_set; setsize = nvals; PyMem_RESIZE(return_set, ALvalue, setsize); if (return_set == NULL) { + return_set = old_return_set; PyErr_NoMemory(); goto cleanup; } diff --git a/Modules/arraymodule.c b/Modules/arraymodule.c index 99d25d38d2..bcd82aa977 100644 --- a/Modules/arraymodule.c +++ b/Modules/arraymodule.c @@ -815,6 +815,7 @@ static int array_do_extend(arrayobject *self, PyObject *bb) { Py_ssize_t size; + char *old_item; if (!array_Check(bb)) return array_iter_extend(self, bb); @@ -830,8 +831,10 @@ array_do_extend(arrayobject *self, PyObject *bb) return -1; } size = Py_SIZE(self) + Py_SIZE(b); + old_item = self->ob_item; PyMem_RESIZE(self->ob_item, char, size*self->ob_descr->itemsize); if (self->ob_item == NULL) { + self->ob_item = old_item; PyErr_NoMemory(); return -1; } @@ -884,7 +887,7 @@ array_inplace_repeat(arrayobject *self, Py_ssize_t n) if (size > PY_SSIZE_T_MAX / n) { return PyErr_NoMemory(); } - PyMem_Resize(items, char, n * size); + PyMem_RESIZE(items, char, n * size); if (items == NULL) return PyErr_NoMemory(); p = items; diff --git a/Modules/selectmodule.c b/Modules/selectmodule.c index 83a6538a41..86ee3cc8cb 100644 --- a/Modules/selectmodule.c +++ b/Modules/selectmodule.c @@ -349,10 +349,12 @@ update_ufd_array(pollObject *self) { Py_ssize_t i, pos; PyObject *key, *value; + struct pollfd *old_ufds = self->ufds; self->ufd_len = PyDict_Size(self->dict); - PyMem_Resize(self->ufds, struct pollfd, self->ufd_len); + PyMem_RESIZE(self->ufds, struct pollfd, self->ufd_len); if (self->ufds == NULL) { + self->ufds = old_ufds; PyErr_NoMemory(); return 0; } |