mirror of
https://github.com/python/cpython.git
synced 2025-07-28 05:34:31 +00:00
Forward-port of r52136,52138: a review of overflow-detecting code.
* unified the way intobject, longobject and mystrtoul handle
values around -sys.maxint-1.
* in general, trying to entierely avoid overflows in any computation
involving signed ints or longs is extremely involved. Fixed a few
simple cases where a compiler might be too clever (but that's all
guesswork).
* more overflow checks against bad data in marshal.c.
* 2.5 specific: fixed a number of places that were still confusing int
and Py_ssize_t. Some of them could potentially have caused
"real-world" breakage.
* list.pop(x): fixing overflow issues on x was messy. I just reverted
to PyArg_ParseTuple("n"), which does the right thing. (An obscure
test was trying to give a Decimal to list.pop()... doesn't make
sense any more IMHO)
* trying to write a few tests...
This commit is contained in:
Armin Rigo
parent
0d2f498a4c
commit
7ccbca93a2
19 changed files with 186 additions and 106 deletions
|
|
@ -551,7 +551,8 @@ PyErr_NewException(char *name, PyObject *base, PyObject *dict)
|
|||
goto failure;
|
||||
}
|
||||
if (PyDict_GetItemString(dict, "__module__") == NULL) {
|
||||
modulename = PyString_FromStringAndSize(name, (int)(dot-name));
|
||||
modulename = PyString_FromStringAndSize(name,
|
||||
(Py_ssize_t)(dot-name));
|
||||
if (modulename == NULL)
|
||||
goto failure;
|
||||
if (PyDict_SetItemString(dict, "__module__", modulename) != 0)
|
||||
|
|
|
|||
|
|
@ -815,7 +815,7 @@ convertsimple(PyObject *arg, const char **p_format, va_list *p_va, int flags,
|
|||
#endif
|
||||
else
|
||||
return converterr("string", arg, msgbuf, bufsize);
|
||||
if ((int)strlen(*p) != PyString_Size(arg))
|
||||
if ((Py_ssize_t)strlen(*p) != PyString_Size(arg))
|
||||
return converterr("string without null bytes",
|
||||
arg, msgbuf, bufsize);
|
||||
}
|
||||
|
|
@ -882,7 +882,7 @@ convertsimple(PyObject *arg, const char **p_format, va_list *p_va, int flags,
|
|||
format++;
|
||||
}
|
||||
else if (*p != NULL &&
|
||||
(int)strlen(*p) != PyString_Size(arg))
|
||||
(Py_ssize_t)strlen(*p) != PyString_Size(arg))
|
||||
return converterr(
|
||||
"string without null bytes or None",
|
||||
arg, msgbuf, bufsize);
|
||||
|
|
@ -1029,7 +1029,8 @@ convertsimple(PyObject *arg, const char **p_format, va_list *p_va, int flags,
|
|||
PyMem_Free()ing it after usage
|
||||
|
||||
*/
|
||||
if ((int)strlen(PyString_AS_STRING(s)) != size) {
|
||||
if ((Py_ssize_t)strlen(PyString_AS_STRING(s))
|
||||
!= size) {
|
||||
Py_DECREF(s);
|
||||
return converterr(
|
||||
"(encoded string without NULL bytes)",
|
||||
|
|
|
|||
|
|
@ -546,6 +546,11 @@ r_object(RFILE *p)
|
|||
int size;
|
||||
PyLongObject *ob;
|
||||
n = r_long(p);
|
||||
if (n < -INT_MAX || n > INT_MAX) {
|
||||
PyErr_SetString(PyExc_ValueError,
|
||||
"bad marshal data");
|
||||
return NULL;
|
||||
}
|
||||
size = n<0 ? -n : n;
|
||||
ob = _PyLong_New(size);
|
||||
if (ob == NULL)
|
||||
|
|
@ -654,7 +659,7 @@ r_object(RFILE *p)
|
|||
case TYPE_INTERNED:
|
||||
case TYPE_STRING:
|
||||
n = r_long(p);
|
||||
if (n < 0) {
|
||||
if (n < 0 || n > INT_MAX) {
|
||||
PyErr_SetString(PyExc_ValueError, "bad marshal data");
|
||||
return NULL;
|
||||
}
|
||||
|
|
@ -689,7 +694,7 @@ r_object(RFILE *p)
|
|||
char *buffer;
|
||||
|
||||
n = r_long(p);
|
||||
if (n < 0) {
|
||||
if (n < 0 || n > INT_MAX) {
|
||||
PyErr_SetString(PyExc_ValueError, "bad marshal data");
|
||||
return NULL;
|
||||
}
|
||||
|
|
@ -710,7 +715,7 @@ r_object(RFILE *p)
|
|||
|
||||
case TYPE_TUPLE:
|
||||
n = r_long(p);
|
||||
if (n < 0) {
|
||||
if (n < 0 || n > INT_MAX) {
|
||||
PyErr_SetString(PyExc_ValueError, "bad marshal data");
|
||||
return NULL;
|
||||
}
|
||||
|
|
@ -733,7 +738,7 @@ r_object(RFILE *p)
|
|||
|
||||
case TYPE_LIST:
|
||||
n = r_long(p);
|
||||
if (n < 0) {
|
||||
if (n < 0 || n > INT_MAX) {
|
||||
PyErr_SetString(PyExc_ValueError, "bad marshal data");
|
||||
return NULL;
|
||||
}
|
||||
|
|
@ -831,10 +836,11 @@ r_object(RFILE *p)
|
|||
|
||||
v = NULL;
|
||||
|
||||
argcount = r_long(p);
|
||||
nlocals = r_long(p);
|
||||
stacksize = r_long(p);
|
||||
flags = r_long(p);
|
||||
/* XXX ignore long->int overflows for now */
|
||||
argcount = (int)r_long(p);
|
||||
nlocals = (int)r_long(p);
|
||||
stacksize = (int)r_long(p);
|
||||
flags = (int)r_long(p);
|
||||
code = r_object(p);
|
||||
if (code == NULL)
|
||||
goto code_error;
|
||||
|
|
@ -859,7 +865,7 @@ r_object(RFILE *p)
|
|||
name = r_object(p);
|
||||
if (name == NULL)
|
||||
goto code_error;
|
||||
firstlineno = r_long(p);
|
||||
firstlineno = (int)r_long(p);
|
||||
lnotab = r_object(p);
|
||||
if (lnotab == NULL)
|
||||
goto code_error;
|
||||
|
|
@ -1031,10 +1037,16 @@ PyMarshal_WriteObjectToString(PyObject *x, int version)
|
|||
wf.strings = (version > 0) ? PyDict_New() : NULL;
|
||||
w_object(x, &wf);
|
||||
Py_XDECREF(wf.strings);
|
||||
if (wf.str != NULL)
|
||||
_PyString_Resize(&wf.str,
|
||||
(int) (wf.ptr -
|
||||
PyString_AS_STRING((PyStringObject *)wf.str)));
|
||||
if (wf.str != NULL) {
|
||||
char *base = PyString_AS_STRING((PyStringObject *)wf.str);
|
||||
if (wf.ptr - base > PY_SSIZE_T_MAX) {
|
||||
Py_DECREF(wf.str);
|
||||
PyErr_SetString(PyExc_OverflowError,
|
||||
"too much marshall data for a string");
|
||||
return NULL;
|
||||
}
|
||||
_PyString_Resize(&wf.str, (Py_ssize_t)(wf.ptr - base));
|
||||
}
|
||||
if (wf.error) {
|
||||
Py_XDECREF(wf.str);
|
||||
PyErr_SetString(PyExc_ValueError,
|
||||
|
|
|
|||
|
|
@ -421,7 +421,7 @@ do_mkvalue(const char **p_format, va_list *p_va, int flags)
|
|||
"string too long for Python string");
|
||||
return NULL;
|
||||
}
|
||||
n = (int)m;
|
||||
n = (Py_ssize_t)m;
|
||||
}
|
||||
v = PyString_FromStringAndSize(str, n);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -195,13 +195,10 @@ overflowed:
|
|||
return (unsigned long)-1;
|
||||
}
|
||||
|
||||
/* Checking for overflow in PyOS_strtol is a PITA since C doesn't define
|
||||
* anything about what happens when a signed integer operation overflows,
|
||||
* and some compilers think they're doing you a favor by being "clever"
|
||||
* then. Python assumes a 2's-complement representation, so that the bit
|
||||
* pattern for the largest postive signed long is LONG_MAX, and for
|
||||
* the smallest negative signed long is LONG_MAX + 1.
|
||||
/* Checking for overflow in PyOS_strtol is a PITA; see comments
|
||||
* about PY_ABS_LONG_MIN in longobject.c.
|
||||
*/
|
||||
#define PY_ABS_LONG_MIN (0-(unsigned long)LONG_MIN)
|
||||
|
||||
long
|
||||
PyOS_strtol(char *str, char **ptr, int base)
|
||||
|
|
@ -224,8 +221,7 @@ PyOS_strtol(char *str, char **ptr, int base)
|
|||
if (sign == '-')
|
||||
result = -result;
|
||||
}
|
||||
else if (sign == '-' && uresult == (unsigned long)LONG_MAX + 1) {
|
||||
assert(LONG_MIN == -LONG_MAX-1);
|
||||
else if (sign == '-' && uresult == PY_ABS_LONG_MIN) {
|
||||
result = LONG_MIN;
|
||||
}
|
||||
else {
|
||||
|
|
|
|||
|
|
@ -1225,7 +1225,7 @@ makepathobject(char *path, int delim)
|
|||
p = strchr(path, delim);
|
||||
if (p == NULL)
|
||||
p = strchr(path, '\0'); /* End of string */
|
||||
w = PyString_FromStringAndSize(path, (int) (p - path));
|
||||
w = PyString_FromStringAndSize(path, (Py_ssize_t) (p - path));
|
||||
if (w == NULL) {
|
||||
Py_DECREF(v);
|
||||
return NULL;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue