
Author vstinner
Recipients Guido, python-dev, vstinner
Date 2015-01-04.22:20:02
Message-id <1420410002.8.0.36856969224.issue23165@psf.upfronthosting.co.za>
Content
+    size_t argsize = strlen(arg) + 1; 
+    if (argsize > PY_SSIZE_T_MAX/sizeof(wchar_t))
+        return NULL;
+    res = PyMem_Malloc(argsize*sizeof(wchar_t));
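Review bot: the size check on `argsize` has no comment saying what it protects, and the limit `PY_SSIZE_T_MAX/sizeof(wchar_t)` only makes sense once the reader connects it to the `argsize*sizeof(wchar_t)` multiplication two lines below. A one-line comment above the `if` stating that it guards the allocation size against overflow would help. The first added line also ends with trailing whitespace.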

The code doesn't check for integer overflow on "+1". I suggest instead:

+    size_t arglen = strlen(arg); 
+    if (arglen > PY_SSIZE_T_MAX / sizeof(wchar_t) - 1)
+        return NULL;
+    res = PyMem_Malloc((arglen + 1) * sizeof(wchar_t));
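Review bot: in the bound `PY_SSIZE_T_MAX / sizeof(wchar_t) - 1`, the `- 1` is easy to misread as part of the divisor. Parenthesising the quotient, as in `(PY_SSIZE_T_MAX / sizeof(wchar_t)) - 1`, and adding a short comment that the subtraction pairs with the `arglen + 1` in the `PyMem_Malloc` call (room for the terminating null) would make the intent explicit. The first added line also ends with trailing whitespace.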
History
Date User Action Args
2015-01-04 22:20:02 vstinner set recipients: + vstinner, python-dev, Guido
2015-01-04 22:20:02 vstinner set messageid: <1420410002.8.0.36856969224.issue23165@psf.upfronthosting.co.za>
2015-01-04 22:20:02 vstinner link issue23165 messages
2015-01-04 22:20:02 vstinner create