Author belopolsky
Recipients belopolsky, gregory.p.smith, jnferguson, lemburg, nnorwitz
Date 2008-04-12.04:18:45
SpamBayes Score 0.0505329
Marked as misclassified No
Message-id <1207973926.69.0.239190393781.issue2620@psf.upfronthosting.co.za>
In-reply-to
Content 
The following simple change should be enough for this issue, but I would 
consider implementing the overflow check in the PyMem_RESIZE and PyMem_NEW macros and de-deprecate their use.

===================================================================
--- Objects/unicodeobject.c     (revision 62237)
+++ Objects/unicodeobject.c     (working copy)
@@ -261,8 +261,8 @@
        it contains). */
 
     oldstr = unicode->str;
-    unicode->str = PyObject_REALLOC(unicode->str,
-                                   sizeof(Py_UNICODE) * (length + 1));
+    unicode->str = SIZE_MAX/sizeof(Py_UNICODE) - 1 < length ? NULL :
+        PyObject_REALLOC(unicode->str, sizeof(Py_UNICODE) * (length + 
1));
     if (!unicode->str) {
        unicode->str = (Py_UNICODE *)oldstr;
         PyErr_NoMemory();
History
Date User Action Args
2008-04-12 04:18:47belopolskysetspambayes_score: 0.0505329 -> 0.0505329
recipients: + belopolsky, lemburg, nnorwitz, gregory.p.smith, jnferguson
2008-04-12 04:18:46belopolskysetspambayes_score: 0.0505329 -> 0.0505329
messageid: <1207973926.69.0.239190393781.issue2620@psf.upfronthosting.co.za>
2008-04-12 04:18:46belopolskylinkissue2620 messages
2008-04-12 04:18:45belopolskycreate