diff options
| author | Armin Rigo <arigo@tunes.org> | 2006-10-04 12:17:45 +0000 |
|---|---|---|
| committer | Armin Rigo <arigo@tunes.org> | 2006-10-04 12:17:45 +0000 |
| commit | 7ccbca93a27e22f0b06316b0d9760fbf7b19cbda (patch) | |
| tree | 63a92638c4b4faa7bcd2979eadeef5aa33a1abd9 /Objects/fileobject.c | |
| parent | 0d2f498a4cebb428a28fdc54b277ecede5ebc1c7 (diff) | |
| download | cpython-git-7ccbca93a27e22f0b06316b0d9760fbf7b19cbda.tar.gz | |
Forward-port of r52136,52138: a review of overflow-detecting code.
* unified the way intobject, longobject and mystrtoul handle
values around -sys.maxint-1.
* in general, trying to entierely avoid overflows in any computation
involving signed ints or longs is extremely involved. Fixed a few
simple cases where a compiler might be too clever (but that's all
guesswork).
* more overflow checks against bad data in marshal.c.
* 2.5 specific: fixed a number of places that were still confusing int
and Py_ssize_t. Some of them could potentially have caused
"real-world" breakage.
* list.pop(x): fixing overflow issues on x was messy. I just reverted
to PyArg_ParseTuple("n"), which does the right thing. (An obscure
test was trying to give a Decimal to list.pop()... doesn't make
sense any more IMHO)
* trying to write a few tests...
Diffstat (limited to 'Objects/fileobject.c')
| -rw-r--r-- | Objects/fileobject.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/Objects/fileobject.c b/Objects/fileobject.c index b43bf85b87..ced07684fd 100644 --- a/Objects/fileobject.c +++ b/Objects/fileobject.c @@ -1001,6 +1001,7 @@ getline_via_fgets(FILE *fp) size_t nfree; /* # of free buffer slots; pvend-pvfree */ size_t total_v_size; /* total # of slots in buffer */ size_t increment; /* amount to increment the buffer */ + size_t prev_v_size; /* Optimize for normal case: avoid _PyString_Resize if at all * possible via first reading into stack buffer "buf". @@ -1115,8 +1116,11 @@ getline_via_fgets(FILE *fp) /* expand buffer and try again */ assert(*(pvend-1) == '\0'); increment = total_v_size >> 2; /* mild exponential growth */ + prev_v_size = total_v_size; total_v_size += increment; - if (total_v_size > PY_SSIZE_T_MAX) { + /* check for overflow */ + if (total_v_size <= prev_v_size || + total_v_size > PY_SSIZE_T_MAX) { PyErr_SetString(PyExc_OverflowError, "line is longer than a Python string can hold"); Py_DECREF(v); @@ -1125,7 +1129,7 @@ getline_via_fgets(FILE *fp) if (_PyString_Resize(&v, (int)total_v_size) < 0) return NULL; /* overwrite the trailing null byte */ - pvfree = BUF(v) + (total_v_size - increment - 1); + pvfree = BUF(v) + (prev_v_size - 1); } if (BUF(v) + total_v_size != p) _PyString_Resize(&v, p - BUF(v)); |