From 9ce5a835bbb33c8a7f22e8ab4c6c226ecb27b0be Mon Sep 17 00:00:00 2001 From: Victor Stinner Date: Mon, 3 Oct 2011 23:36:02 +0200 Subject: [PATCH] PyUnicode_Join() checks output length in debug mode PyUnicode_CopyCharacters() may copies less character than requested size, if the input string is smaller than the argument. (This is very unlikely, but who knows!?) Avoid also calling PyUnicode_CopyCharacters() if the string is empty. --- Objects/unicodeobject.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c index e045b6bcfa2..6aebdc0cff2 100644 --- a/Objects/unicodeobject.c +++ b/Objects/unicodeobject.c @@ -8890,20 +8890,32 @@ PyUnicode_Join(PyObject *separator, PyObject *seq) /* Catenate everything. */ for (i = 0, res_offset = 0; i < seqlen; ++i) { - Py_ssize_t itemlen; + Py_ssize_t itemlen, copied; item = items[i]; - itemlen = PyUnicode_GET_LENGTH(item); /* Copy item, and maybe the separator. */ - if (i) { - if (PyUnicode_CopyCharacters(res, res_offset, - sep, 0, seplen) < 0) + if (i && seplen != 0) { + copied = PyUnicode_CopyCharacters(res, res_offset, + sep, 0, seplen); + if (copied < 0) goto onError; +#ifdef Py_DEBUG + res_offset += copied; +#else res_offset += seplen; +#endif + } + itemlen = PyUnicode_GET_LENGTH(item); + if (itemlen != 0) { + copied = PyUnicode_CopyCharacters(res, res_offset, + item, 0, itemlen); + if (copied < 0) + goto onError; +#ifdef Py_DEBUG + res_offset += copied; +#else + res_offset += itemlen; +#endif } - if (PyUnicode_CopyCharacters(res, res_offset, - item, 0, itemlen) < 0) - goto onError; - res_offset += itemlen; } assert(res_offset == PyUnicode_GET_LENGTH(res));