Index: Modules/_datetimemodule.c =================================================================== --- Modules/_datetimemodule.c (revision 87094) +++ Modules/_datetimemodule.c (working copy) @@ -1257,7 +1257,8 @@ assert(PyUnicode_Check(Zreplacement)); ptoappend = _PyUnicode_AsStringAndSize(Zreplacement, &ntoappend); - ntoappend = Py_SIZE(Zreplacement); + if (ptoappend == NULL) + goto Done; } else if (ch == 'f') { /* format microseconds */ Index: Modules/socketmodule.c =================================================================== --- Modules/socketmodule.c (revision 87094) +++ Modules/socketmodule.c (working copy) @@ -4022,8 +4022,10 @@ pptr = pbuf; } else if (PyUnicode_Check(pobj)) { pptr = _PyUnicode_AsString(pobj); + if (pptr == NULL) + goto err; } else if (PyBytes_Check(pobj)) { - pptr = PyBytes_AsString(pobj); + pptr = PyBytes_AS_STRING(pobj); } else if (pobj == Py_None) { pptr = (char *)NULL; } else { Index: Modules/_lsprof.c =================================================================== --- Modules/_lsprof.c (revision 87094) +++ Modules/_lsprof.c (working copy) @@ -178,7 +178,14 @@ PyObject *mod = fn->m_module; const char *modname; if (mod && PyUnicode_Check(mod)) { + /* XXX: The following will truncate module names with embedded + * null-characters. It is unlikely that this can happen in + * practice and the concequences are not serious enough to + * introduce extra checks here. + */ modname = _PyUnicode_AsString(mod); + if (modname == NULL) + modname = ""; } else if (mod && PyModule_Check(mod)) { modname = PyModule_GetName(mod); Index: Modules/syslogmodule.c =================================================================== --- Modules/syslogmodule.c (revision 87094) +++ Modules/syslogmodule.c (working copy) @@ -68,9 +68,9 @@ * is optional. */ - Py_ssize_t argv_len; + Py_ssize_t argv_len, scriptlen; PyObject *scriptobj; - char *atslash; + Py_UNICODE *atslash, *atstart; PyObject *argv = PySys_GetObject("argv"); if (argv == NULL) { @@ -90,13 +90,16 @@ if (!PyUnicode_Check(scriptobj)) { return(NULL); } - if (PyUnicode_GET_SIZE(scriptobj) == 0) { + scriptlen = PyUnicode_GET_SIZE(scriptobj); + if (scriptlen == 0) { return(NULL); } - atslash = strrchr(_PyUnicode_AsString(scriptobj), SEP); + atstart = PyUnicode_AS_UNICODE(scriptobj); + atslash = Py_UNICODE_strrchr(atstart, SEP); if (atslash) { - return(PyUnicode_FromString(atslash + 1)); + return(PyUnicode_FromUnicode(atslash + 1, + scriptlen - (atslash - atstart) - 1)); } else { Py_INCREF(scriptobj); return(scriptobj); @@ -113,6 +116,7 @@ long facility = LOG_USER; PyObject *new_S_ident_o = NULL; static char *keywords[] = {"ident", "logoption", "facility", 0}; + char *S_ident_o_str; if (!PyArg_ParseTupleAndKeywords(args, kwds, "|Ull:openlog", keywords, &new_S_ident_o, &logopt, &facility)) @@ -130,12 +134,19 @@ Py_XDECREF(S_ident_o); S_ident_o = new_S_ident_o; + if (S_ident_o) { + S_ident_o_str = _PyUnicode_AsString(S_ident_o); + if (S_ident_o_str == NULL) + return NULL; + } else + S_ident_o_str = NULL; + /* At this point, S_ident_o should be INCREF()ed. openlog(3) does not * make a copy, and syslog(3) later uses it. We can't garbagecollect it * If NULL, just let openlog figure it out (probably using C argv[0]). */ - openlog(S_ident_o ? _PyUnicode_AsString(S_ident_o) : NULL, logopt, facility); + openlog(S_ident_o_str, logopt, facility); S_log_open = 1; Py_INCREF(Py_None); Index: Modules/pyexpat.c =================================================================== --- Modules/pyexpat.c (revision 87094) +++ Modules/pyexpat.c (working copy) @@ -1243,6 +1243,9 @@ if (PyUnicode_Check(nameobj)) name = _PyUnicode_AsString(nameobj); + if (name == NULL) + name = ""; + handlernum = handlername2int(name); if (handlernum != -1) { Index: Modules/parsermodule.c =================================================================== --- Modules/parsermodule.c (revision 87094) +++ Modules/parsermodule.c (working copy) @@ -792,6 +792,11 @@ } } temp_str = _PyUnicode_AsStringAndSize(temp, &len); + if (temp_str == NULL) { + Py_DECREF(temp); + Py_XDECREF(elem); + return 0; + } strn = (char *)PyObject_MALLOC(len + 1); if (strn != NULL) (void) memcpy(strn, temp_str, len + 1); @@ -870,6 +875,8 @@ encoding = PySequence_GetItem(tuple, 2); /* tuple isn't borrowed anymore here, need to DECREF */ tuple = PySequence_GetSlice(tuple, 0, 2); + if (tuple == NULL) + return NULL; } res = PyNode_New(num); if (res != NULL) { @@ -881,6 +888,12 @@ Py_ssize_t len; const char *temp; temp = _PyUnicode_AsStringAndSize(encoding, &len); + if (temp == NULL) { + Py_DECREF(res); + Py_DECREF(encoding); + Py_DECREF(tuple); + return NULL; + } res->n_str = (char *)PyObject_MALLOC(len + 1); if (res->n_str != NULL && temp != NULL) (void) memcpy(res->n_str, temp, len + 1); Index: Modules/_elementtree.c =================================================================== --- Modules/_elementtree.c (revision 87094) +++ Modules/_elementtree.c (working copy) @@ -1483,6 +1483,9 @@ if (PyUnicode_Check(nameobj)) name = _PyUnicode_AsString(nameobj); + + if (name == NULL) + return NULL; /* handle common attributes first */ if (strcmp(name, "tag") == 0) { @@ -2195,7 +2198,10 @@ } else if (!PyErr_Occurred()) { /* Report the first error, not the last */ char message[128]; - sprintf(message, "undefined entity &%.100s;", _PyUnicode_AsString(key)); + char *keystr = _PyUnicode_AsString(key); + if (keystr == NULL) + keystr = ""; + sprintf(message, "undefined entity &%.100s;", keystr); expat_set_error( message, EXPAT(GetErrorLineNumber)(self->parser), @@ -2799,8 +2805,11 @@ PyObject* res; char *name = ""; - if (PyUnicode_Check(nameobj)) + if (PyUnicode_Check(nameobj)) { name = _PyUnicode_AsString(nameobj); + if (name == NULL) + name = ""; + } PyErr_Clear(); Index: Modules/_testcapimodule.c =================================================================== --- Modules/_testcapimodule.c (revision 87094) +++ Modules/_testcapimodule.c (working copy) @@ -1741,15 +1741,16 @@ { PyObject *result; char *msg; + Py_UNICODE one[] = {'1', 0}; -#define CHECK_1_FORMAT(FORMAT, TYPE) \ - result = PyUnicode_FromFormat(FORMAT, (TYPE)1); \ - if (result == NULL) \ - return NULL; \ - if (strcmp(_PyUnicode_AsString(result), "1")) { \ - msg = FORMAT " failed at 1"; \ - goto Fail; \ - } \ +#define CHECK_1_FORMAT(FORMAT, TYPE) \ + result = PyUnicode_FromFormat(FORMAT, (TYPE)1); \ + if (result == NULL) \ + return NULL; \ + if (Py_UNICODE_strcmp(PyUnicode_AS_UNICODE(result), one)) { \ + msg = FORMAT " failed at 1"; \ + goto Fail; \ + } \ Py_DECREF(result) CHECK_1_FORMAT("%d", int);