
Commit 44ed4db

author
Fredrik Lundh
committed
merged with cElementTree development trunk (1.0.6 snapshot):
Fixed a number of potential null-pointer-reference-under-pressure glitches, based on input from the Coverity analysis tool and Simo Salminen.
1 parent d39ab5b commit 44ed4db

1 file changed

Lines changed: 60 additions & 32 deletions


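--- a/Modules/_elementtree.c
+++ b/Modules/_elementtree.c
@@ -1,6 +1,6 @@
 /*
 * ElementTree
-* $Id: /work/modules/celementtree/cElementTree.c 1128 2005-12-16T21:57:13.668520Z Fredrik $
+* $Id: _elementtree.c 2657 2006-03-12 20:50:32Z fredrik $
 *
 * elementtree accelerator
 *
@@ -33,9 +33,11 @@
 * 2005-08-11 fl added runtime test for copy workaround (1.0.3)
 * 2005-12-13 fl added expat_capi support (for xml.etree) (1.0.4)
 * 2005-12-16 fl added support for non-standard encodings
+* 2006-03-08 fl fixed a couple of potential null-refs and leaks
+* 2006-03-12 fl merge in 2.5 ssize_t changes
 *
-* Copyright (c) 1999-2005 by Secret Labs AB. All rights reserved.
-* Copyright (c) 1999-2005 by Fredrik Lundh.
+* Copyright (c) 1999-2006 by Secret Labs AB. All rights reserved.
+* Copyright (c) 1999-2006 by Fredrik Lundh.
 *
 
 * http://www.pythonware.com
@@ -46,7 +48,7 @@
 
 #include "Python.h"
 
-#define VERSION "1.0.5"
+#define VERSION "1.0.6-snapshot"
 
 /* -------------------------------------------------------------------- */
 /* configuration */
@@ -94,7 +96,9 @@ do { memory -= size; printf("%8d - %s\n", memory, comment); } while (0)
 /* compatibility macros */
 #if (PY_VERSION_HEX < 0x02050000)
 typedef int Py_ssize_t;
+#define lenfunc inquiry
 #endif
+
 #if (PY_VERSION_HEX < 0x02040000)
 #define PyDict_CheckExact PyDict_Check
 #if (PY_VERSION_HEX < 0x02020000)
@@ -143,6 +147,9 @@ deepcopy(PyObject* object, PyObject* memo)
 }
 
 args = PyTuple_New(2);
+if (!args)
+return NULL;
+
 Py_INCREF(object); PyTuple_SET_ITEM(args, 0, (PyObject*) object);
 Py_INCREF(memo); PyTuple_SET_ITEM(args, 1, (PyObject*) memo);
 
@@ -188,6 +195,9 @@ list_join(PyObject* list)
 }
 
 args = PyTuple_New(1);
+if (!args)
+return NULL;
+
 PyTuple_SET_ITEM(args, 0, list);
 
 result = PyObject_CallObject(function, args);
@@ -513,8 +523,10 @@ subelement(PyObject* self, PyObject* args, PyObject* kw)
 
 Py_DECREF(attrib);
 
-if (element_add_subelement(parent, elem) < 0)
+if (element_add_subelement(parent, elem) < 0) {
+Py_DECREF(elem);
 return NULL;
+}
 
 return elem;
 }
@@ -598,8 +610,10 @@ element_copy(ElementObject* self, PyObject* args)
 
 if (self->extra) {
 
-if (element_resize(element, self->extra->length) < 0)
+if (element_resize(element, self->extra->length) < 0) {
+Py_DECREF(element);
 return NULL;
+}
 
 for (i = 0; i < self->extra->length; i++) {
 Py_INCREF(self->extra->children[i]);
@@ -902,8 +916,8 @@ element_getiterator(ElementObject* self, PyObject* args)
 }
 
 args = PyTuple_New(2);
-if (args == NULL)
-return NULL;
+if (!args)
+return NULL;
 
 Py_INCREF(self); PyTuple_SET_ITEM(args, 0, (PyObject*) self);
 Py_INCREF(tag); PyTuple_SET_ITEM(args, 1, (PyObject*) tag);
@@ -916,9 +930,10 @@ element_getiterator(ElementObject* self, PyObject* args)
 }
 
 static PyObject*
-element_getitem(PyObject* _self, Py_ssize_t index)
+element_getitem(PyObject* self_, Py_ssize_t index)
 {
-ElementObject* self = (ElementObject*)_self;
+ElementObject* self = (ElementObject*) self_;
+
 if (!self->extra || index < 0 || index >= self->extra->length) {
 PyErr_SetString(
 PyExc_IndexError,
@@ -932,9 +947,9 @@ element_getitem(PyObject* _self, Py_ssize_t index)
 }
 
 static PyObject*
-element_getslice(PyObject* _self, Py_ssize_t start, Py_ssize_t end)
+element_getslice(PyObject* self_, Py_ssize_t start, Py_ssize_t end)
 {
-ElementObject* self = (ElementObject*)_self;
+ElementObject* self = (ElementObject*) self_;
 Py_ssize_t i;
 PyObject* list;
 
@@ -1160,9 +1175,9 @@ element_set(ElementObject* self, PyObject* args)
 }
 
 static int
-element_setslice(PyObject* _self, Py_ssize_t start, Py_ssize_t end, PyObject* item)
+element_setslice(PyObject* self_, Py_ssize_t start, Py_ssize_t end, PyObject* item)
 {
-ElementObject* self = (ElementObject*)_self;
+ElementObject* self = (ElementObject*) self_;
 int i, new, old;
 PyObject* recycle = NULL;
 
@@ -1231,9 +1246,9 @@ element_setslice(PyObject* _self, Py_ssize_t start, Py_ssize_t end, PyObject* it
 }
 
 static int
-element_setitem(PyObject* _self, Py_ssize_t index, PyObject* item)
+element_setitem(PyObject* self_, Py_ssize_t index, PyObject* item)
 {
-ElementObject* self = (ElementObject*)_self;
+ElementObject* self = (ElementObject*) self_;
 int i;
 PyObject* old;
 
@@ -1505,12 +1520,12 @@ treebuilder_handle_start(TreeBuilderObject* self, PyObject* tag,
 
 if (self->data) {
 if (self->this == self->last) {
-Py_DECREF(self->last->text);
+Py_DECREF(JOIN_OBJ(self->last->text));
 self->last->text = JOIN_SET(
 self->data, PyList_CheckExact(self->data)
 );
 } else {
-Py_DECREF(self->last->tail);
+Py_DECREF(JOIN_OBJ(self->last->tail));
 self->last->tail = JOIN_SET(
 self->data, PyList_CheckExact(self->data)
 );
@@ -1526,26 +1541,26 @@ treebuilder_handle_start(TreeBuilderObject* self, PyObject* tag,
 
 if (this != Py_None) {
 if (element_add_subelement((ElementObject*) this, node) < 0)
-return NULL;
+goto error;
 } else {
 if (self->root) {
 PyErr_SetString(
 PyExc_SyntaxError,
 "multiple elements on top level"
 );
-return NULL;
+goto error;
 }
 Py_INCREF(node);
 self->root = node;
 }
 
 if (self->index < PyList_GET_SIZE(self->stack)) {
 if (PyList_SetItem(self->stack, self->index, this) < 0)
-return NULL;
+goto error;
 Py_INCREF(this);
 } else {
 if (PyList_Append(self->stack, this) < 0)
-return NULL;
+goto error;
 }
 self->index++;
 
@@ -1571,6 +1586,10 @@ treebuilder_handle_start(TreeBuilderObject* self, PyObject* tag,
 }
 
 return node;
+
+error:
+Py_DECREF(node);
+return NULL;
 }
 
 LOCAL(PyObject*)
@@ -1612,12 +1631,12 @@ treebuilder_handle_end(TreeBuilderObject* self, PyObject* tag)
 
 if (self->data) {
 if (self->this == self->last) {
-Py_DECREF(self->last->text);
+Py_DECREF(JOIN_OBJ(self->last->text));
 self->last->text = JOIN_SET(
 self->data, PyList_CheckExact(self->data)
 );
 } else {
-Py_DECREF(self->last->tail);
+Py_DECREF(JOIN_OBJ(self->last->tail));
 self->last->tail = JOIN_SET(
 self->data, PyList_CheckExact(self->data)
 );
@@ -2042,6 +2061,8 @@ expat_data_handler(XMLParserObject* self, const XML_Char* data_in,
 PyObject* res;
 
 data = makestring(data_in, data_len);
+if (!data)
+return; /* parser will look for errors */
 
 if (TreeBuilder_CheckExact(self->target))
 /* shortcut */
@@ -2207,13 +2228,14 @@ xmlparser(PyObject* _self, PyObject* args, PyObject* kw)
 self->entity = PyDict_New();
 if (!self->entity) {
 PyObject_Del(self);
-return NULL; /* FIXME: cleanup on error */
+return NULL;
 }
 
 self->names = PyDict_New();
 if (!self->names) {
+PyObject_Del(self->entity);
 PyObject_Del(self);
-return NULL; /* FIXME: cleanup on error */
+return NULL;
 }
 
 memory_handler.malloc_fcn = PyObject_Malloc;
@@ -2222,16 +2244,22 @@ xmlparser(PyObject* _self, PyObject* args, PyObject* kw)
 
 self->parser = EXPAT(ParserCreate_MM)(encoding, &memory_handler, "}");
 if (!self->parser) {
+PyObject_Del(self->names);
+PyObject_Del(self->entity);
+PyObject_Del(self);
 PyErr_NoMemory();
-return NULL; /* FIXME: cleanup on error */
+return NULL;
 }
 
 /* setup target handlers */
 if (!target) {
 target = treebuilder_new();
 if (!target) {
+EXPAT(ParserFree)(self->parser);
+PyObject_Del(self->names);
+PyObject_Del(self->entity);
 PyObject_Del(self);
-return NULL; /* FIXME: cleanup on error */
+return NULL;
 }
 } else
 Py_INCREF(target);
@@ -2594,14 +2622,14 @@ init_elementtree(void)
 #endif
 
 m = Py_InitModule("_elementtree", _functions);
-if (m == NULL)
-return;
+if (!m)
+return;
 
 /* python glue code */
 
 g = PyDict_New();
-if (g == NULL)
-return;
+if (!g)
+return;
 
 PyDict_SetItemString(g, "__builtins__", PyEval_GetBuiltins());
 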
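Review bot: The new error-path cleanup in xmlparser releases the `entity` and `names` dictionaries with `PyObject_Del(self->entity)` and `PyObject_Del(self->names)`, but both come from `PyDict_New()`, so they are reference-counted, GC-tracked objects. Freeing their memory directly skips the dict deallocator and leaves the cyclic collector pointing at freed memory. Each of these calls should be a reference drop, `Py_DECREF(self->entity);` and `Py_DECREF(self->names);`, keeping `PyObject_Del(self)` only for the parser object itself, and only if it was allocated with `PyObject_New` (the allocation is outside the hunk). This applies to the `!self->names`, `!self->parser` and `!target` branches across the two xmlparser hunks; the function starts and ends outside them. These branches run only when an allocation fails, so the resulting heap corruption would surface under memory pressure and be hard to reproduce.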
