Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 6c7a52a

Browse files
author
Victor Stinner
committed
Check for PyUnicode_CopyCharacters() failure
1 parent be78eaf commit 6c7a52a

2 files changed

Lines changed: 87 additions & 43 deletions

File tree

Objects/unicodeobject.c

Lines changed: 79 additions & 41 deletions
Original file line numberDiff line numberDiff line change
@@ -1784,9 +1784,10 @@ PyUnicode_FromFormatV(const char *format, va_list vargs)
17841784
(void) va_arg(vargs, char *);
17851785
size = PyUnicode_GET_LENGTH(*callresult);
17861786
assert(PyUnicode_KIND(*callresult) <= PyUnicode_KIND(string));
1787-
PyUnicode_CopyCharacters((PyObject*)string, i,
1788-
*callresult, 0,
1789-
size);
1787+
if (PyUnicode_CopyCharacters((PyObject*)string, i,
1788+
*callresult, 0,
1789+
size) < 0)
1790+
goto fail;
17901791
i += size;
17911792
/* We're done with the unicode()/repr() => forget it */
17921793
Py_DECREF(*callresult);
@@ -1800,9 +1801,10 @@ PyUnicode_FromFormatV(const char *format, va_list vargs)
18001801
Py_ssize_t size;
18011802
assert(PyUnicode_KIND(obj) <= PyUnicode_KIND(string));
18021803
size = PyUnicode_GET_LENGTH(obj);
1803-
PyUnicode_CopyCharacters((PyObject*)string, i,
1804-
obj, 0,
1805-
size);
1804+
if (PyUnicode_CopyCharacters((PyObject*)string, i,
1805+
obj, 0,
1806+
size) < 0)
1807+
goto fail;
18061808
i += size;
18071809
break;
18081810
}
@@ -1814,17 +1816,19 @@ PyUnicode_FromFormatV(const char *format, va_list vargs)
18141816
if (obj) {
18151817
size = PyUnicode_GET_LENGTH(obj);
18161818
assert(PyUnicode_KIND(obj) <= PyUnicode_KIND(string));
1817-
PyUnicode_CopyCharacters((PyObject*)string, i,
1818-
obj, 0,
1819-
size);
1819+
if (PyUnicode_CopyCharacters((PyObject*)string, i,
1820+
obj, 0,
1821+
size) < 0)
1822+
goto fail;
18201823
i += size;
18211824
} else {
18221825
size = PyUnicode_GET_LENGTH(*callresult);
18231826
assert(PyUnicode_KIND(*callresult) <=
18241827
PyUnicode_KIND(string));
1825-
PyUnicode_CopyCharacters((PyObject*)string, i,
1826-
*callresult,
1827-
0, size);
1828+
if (PyUnicode_CopyCharacters((PyObject*)string, i,
1829+
*callresult,
1830+
0, size) < 0)
1831+
goto fail;
18281832
i += size;
18291833
Py_DECREF(*callresult);
18301834
}
@@ -1838,9 +1842,10 @@ PyUnicode_FromFormatV(const char *format, va_list vargs)
18381842
/* unused, since we already have the result */
18391843
(void) va_arg(vargs, PyObject *);
18401844
assert(PyUnicode_KIND(*callresult) <= PyUnicode_KIND(string));
1841-
PyUnicode_CopyCharacters((PyObject*)string, i,
1842-
*callresult, 0,
1843-
PyUnicode_GET_LENGTH(*callresult));
1845+
if (PyUnicode_CopyCharacters((PyObject*)string, i,
1846+
*callresult, 0,
1847+
PyUnicode_GET_LENGTH(*callresult)) < 0)
1848+
goto fail;
18441849
i += PyUnicode_GET_LENGTH(*callresult);
18451850
/* We're done with the unicode()/repr() => forget it */
18461851
Py_DECREF(*callresult);
@@ -8141,8 +8146,7 @@ fixup(PyUnicodeObject *self,
81418146
else {
81428147
/* In case the maximum character changed, we need to
81438148
convert the string to the new category. */
8144-
PyObject *v = PyUnicode_New(
8145-
PyUnicode_GET_LENGTH(self), maxchar_new);
8149+
PyObject *v = PyUnicode_New(PyUnicode_GET_LENGTH(self), maxchar_new);
81468150
if (v == NULL) {
81478151
Py_DECREF(u);
81488152
return NULL;
@@ -8151,12 +8155,25 @@ fixup(PyUnicodeObject *self,
81518155
/* If the maxchar increased so that the kind changed, not all
81528156
characters are representable anymore and we need to fix the
81538157
string again. This only happens in very few cases. */
8154-
PyUnicode_CopyCharacters(v, 0, (PyObject*)self, 0, PyUnicode_GET_LENGTH(self));
8158+
if (PyUnicode_CopyCharacters(v, 0,
8159+
(PyObject*)self, 0,
8160+
PyUnicode_GET_LENGTH(self)) < 0)
8161+
{
8162+
Py_DECREF(u);
8163+
return NULL;
8164+
}
81558165
maxchar_old = fixfct((PyUnicodeObject*)v);
81568166
assert(maxchar_old > 0 && maxchar_old <= maxchar_new);
81578167
}
8158-
else
8159-
PyUnicode_CopyCharacters(v, 0, u, 0, PyUnicode_GET_LENGTH(self));
8168+
else {
8169+
if (PyUnicode_CopyCharacters(v, 0,
8170+
u, 0,
8171+
PyUnicode_GET_LENGTH(self)) < 0)
8172+
{
8173+
Py_DECREF(u);
8174+
return NULL;
8175+
}
8176+
}
81608177

81618178
Py_DECREF(u);
81628179
return v;
@@ -8455,12 +8472,14 @@ PyUnicode_Join(PyObject *separator, PyObject *seq)
84558472
itemlen = PyUnicode_GET_LENGTH(item);
84568473
/* Copy item, and maybe the separator. */
84578474
if (i) {
8458-
PyUnicode_CopyCharacters(res, res_offset,
8459-
sep, 0, seplen);
8475+
if (PyUnicode_CopyCharacters(res, res_offset,
8476+
sep, 0, seplen) < 0)
8477+
goto onError;
84608478
res_offset += seplen;
84618479
}
8462-
PyUnicode_CopyCharacters(res, res_offset,
8463-
item, 0, itemlen);
8480+
if (PyUnicode_CopyCharacters(res, res_offset,
8481+
item, 0, itemlen) < 0)
8482+
goto onError;
84648483
res_offset += itemlen;
84658484
}
84668485
assert(res_offset == PyUnicode_GET_LENGTH(res));
@@ -8508,6 +8527,8 @@ pad(PyUnicodeObject *self,
85088527
{
85098528
PyObject *u;
85108529
Py_UCS4 maxchar;
8530+
int kind;
8531+
void *data;
85118532

85128533
if (left < 0)
85138534
left = 0;
@@ -8528,14 +8549,21 @@ pad(PyUnicodeObject *self,
85288549
if (fill > maxchar)
85298550
maxchar = fill;
85308551
u = PyUnicode_New(left + _PyUnicode_LENGTH(self) + right, maxchar);
8531-
if (u) {
8532-
int kind = PyUnicode_KIND(u);
8533-
void *data = PyUnicode_DATA(u);
8534-
if (left)
8535-
FILL(kind, data, fill, 0, left);
8536-
if (right)
8537-
FILL(kind, data, fill, left + _PyUnicode_LENGTH(self), right);
8538-
PyUnicode_CopyCharacters(u, left, (PyObject*)self, 0, _PyUnicode_LENGTH(self));
8552+
if (!u)
8553+
return NULL;
8554+
8555+
kind = PyUnicode_KIND(u);
8556+
data = PyUnicode_DATA(u);
8557+
if (left)
8558+
FILL(kind, data, fill, 0, left);
8559+
if (right)
8560+
FILL(kind, data, fill, left + _PyUnicode_LENGTH(self), right);
8561+
if (PyUnicode_CopyCharacters(u, left,
8562+
(PyObject*)self, 0,
8563+
_PyUnicode_LENGTH(self)) < 0)
8564+
{
8565+
Py_DECREF(u);
8566+
return NULL;
85398567
}
85408568

85418569
return (PyUnicodeObject*)u;
@@ -8821,8 +8849,12 @@ replace(PyObject *self, PyObject *str1,
88218849
u = PyUnicode_New(slen, maxchar);
88228850
if (!u)
88238851
goto error;
8824-
PyUnicode_CopyCharacters(u, 0,
8825-
(PyObject*)self, 0, slen);
8852+
if (PyUnicode_CopyCharacters(u, 0,
8853+
(PyObject*)self, 0, slen) < 0)
8854+
{
8855+
Py_DECREF(u);
8856+
return NULL;
8857+
}
88268858
rkind = PyUnicode_KIND(u);
88278859
for (i = 0; i < PyUnicode_GET_LENGTH(u); i++)
88288860
if (PyUnicode_READ(rkind, PyUnicode_DATA(u), i) == u1) {
@@ -9437,18 +9469,20 @@ PyUnicode_Concat(PyObject *left, PyObject *right)
94379469
goto onError;
94389470

94399471
maxchar = PyUnicode_MAX_CHAR_VALUE(u);
9440-
if (PyUnicode_MAX_CHAR_VALUE(v) > maxchar)
9441-
maxchar = PyUnicode_MAX_CHAR_VALUE(v);
9472+
maxchar = PY_MAX(maxchar, PyUnicode_MAX_CHAR_VALUE(v));
94429473

94439474
/* Concat the two Unicode strings */
94449475
w = PyUnicode_New(
94459476
PyUnicode_GET_LENGTH(u) + PyUnicode_GET_LENGTH(v),
94469477
maxchar);
94479478
if (w == NULL)
94489479
goto onError;
9449-
PyUnicode_CopyCharacters(w, 0, u, 0, PyUnicode_GET_LENGTH(u));
9450-
PyUnicode_CopyCharacters(w, PyUnicode_GET_LENGTH(u), v, 0,
9451-
PyUnicode_GET_LENGTH(v));
9480+
if (PyUnicode_CopyCharacters(w, 0, u, 0, PyUnicode_GET_LENGTH(u)) < 0)
9481+
goto onError;
9482+
if (PyUnicode_CopyCharacters(w, PyUnicode_GET_LENGTH(u),
9483+
v, 0,
9484+
PyUnicode_GET_LENGTH(v)) < 0)
9485+
goto onError;
94529486
Py_DECREF(u);
94539487
Py_DECREF(v);
94549488
return w;
@@ -10396,8 +10430,12 @@ substring(PyUnicodeObject *self, Py_ssize_t start, Py_ssize_t len)
1039610430
unicode = PyUnicode_New(len, maxchar);
1039710431
if (unicode == NULL)
1039810432
return NULL;
10399-
PyUnicode_CopyCharacters(unicode, 0,
10400-
(PyObject*)self, start, len);
10433+
if (PyUnicode_CopyCharacters(unicode, 0,
10434+
(PyObject*)self, start, len) < 0)
10435+
{
10436+
Py_DECREF(unicode);
10437+
return NULL;
10438+
}
1040110439
return unicode;
1040210440
}
1040310441

Python/compile.c

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -245,8 +245,14 @@ _Py_Mangle(PyObject *privateobj, PyObject *ident)
245245
return 0;
246246
/* ident = "_" + priv[ipriv:] + ident # i.e. 1+plen+nlen bytes */
247247
PyUnicode_WRITE(PyUnicode_KIND(result), PyUnicode_DATA(result), 0, '_');
248-
PyUnicode_CopyCharacters(result, 1, privateobj, ipriv, plen);
249-
PyUnicode_CopyCharacters(result, plen+1, ident, 0, nlen);
248+
if (PyUnicode_CopyCharacters(result, 1, privateobj, ipriv, plen) < 0) {
249+
Py_DECREF(result);
250+
return NULL;
251+
}
252+
if (PyUnicode_CopyCharacters(result, plen+1, ident, 0, nlen) < 0) {
253+
Py_DECREF(result);
254+
return NULL;
255+
}
250256
return result;
251257
}
252258

0 commit comments

Comments
 (0)