Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing Sanity Check for malloc() in PC/_msi.c #68043

Closed
dogbert2 mannequin opened this issue Apr 2, 2015 · 7 comments
Closed

Missing Sanity Check for malloc() in PC/_msi.c #68043

dogbert2 mannequin opened this issue Apr 2, 2015 · 7 comments
Labels
3.7 (EOL) end of life 3.8 only security fixes OS-windows type-bug An unexpected behavior, bug, or error

Comments

@dogbert2
Copy link
Mannequin

dogbert2 mannequin commented Apr 2, 2015

BPO 23855
Nosy @tjguk, @berkerpeksag, @zware, @zooba, @ZackerySpytz, @miss-islington
PRs
  • bpo-23855: Add missing NULL checks for malloc() in _msi.c #9038
  • [3.7] bpo-23855: Add missing NULL checks for malloc() in _msi.c (GH-9038) #9110
  • [3.6] bpo-23855: Add missing NULL checks for malloc() in _msi.c (GH-9038) #9115
  • [2.7] bpo-23855: Add missing NULL checks for malloc() in _msi.c (GH-9038) #9116
    		•
    Files
  • _msi.c.patch: Patch File (diff -u) for this bug
  • _msi.c.patch: Updated patch file for first bug report
    		•

    Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = None
closed_at = <Date 2018-09-08.01:59:29.435>
created_at = <Date 2015-04-02.22:11:43.674>
labels = ['3.8', 'type-bug', '3.7', 'OS-windows']
title = 'Missing Sanity Check for malloc() in PC/_msi.c'
updated_at = <Date 2018-09-11.06:52:17.237>
user = 'https://bugs.python.org/dogbert2'

    bugs.python.org fields:

    activity = <Date 2018-09-11.06:52:17.237>
actor = 'ZackerySpytz'
assignee = 'none'
closed = True
closed_date = <Date 2018-09-08.01:59:29.435>
closer = 'berker.peksag'
components = ['Windows']
creation = <Date 2015-04-02.22:11:43.674>
creator = 'dogbert2'
dependencies = []
files = ['38811', '38847']
hgrepos = []
issue_num = 23855
keywords = ['patch']
message_count = 7.0
messages = ['239948', '240159', '324492', '324803', '324808', '324934', '324935']
nosy_count = 7.0
nosy_names = ['tim.golden', 'berker.peksag', 'zach.ware', 'steve.dower', 'dogbert2', 'ZackerySpytz', 'miss-islington']
pr_nums = ['9038', '9110', '9115', '9116']
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'behavior'
url = 'https://bugs.python.org/issue23855'
versions = ['Python 2.7', 'Python 3.6', 'Python 3.7', 'Python 3.8']
    @dogbert2
    Copy link
    Mannequin Author

    dogbert2 mannequin commented Apr 2, 2015

    Hello All,

    In reviewing code in Python-3.4.3/PC/_msi.c, I found a call to malloc() at line 326 in function 'static PyObject* msierror(int status)' in which the call is made and assigned to variable 'res', but no check for NULL, indicating failure is made afterwards. The patch below corrects this issue:

    --- _msi.c.orig 2015-04-02 15:01:02.882326352 -0700
+++ _msi.c      2015-04-02 15:02:43.382099357 -0700
@@ -324,6 +324,10 @@
     code = MsiRecordGetInteger(err, 1); /* XXX code */
     if (MsiFormatRecord(0, err, res, &size) == ERROR_MORE_DATA) {
         res = malloc(size+1);
+       if (res == NULL) /* malloc() failed, out of memory... */
+           PyErr_SetString(MSIError, "out of memory");
+           return NULL;
+       }
         MsiFormatRecord(0, err, res, &size);
         res[size]='\0';
     }

    @dogbert2 dogbert2 mannequin added OS-windows type-bug An unexpected behavior, bug, or error labels Apr 2, 2015
    @dogbert2
    Copy link
    Mannequin Author

    dogbert2 mannequin commented Apr 6, 2015

    In directory 'PC', file '_msi.c', I found another call to
    malloc() which was not checked for a return value of NULL
    which would indicate failure. The new patch file is below:

    --- _msi.c.orig 2015-04-02 15:01:02.882326352 -0700
+++ _msi.c      2015-04-04 16:36:56.919605881 -0700
@@ -324,6 +324,10 @@
     code = MsiRecordGetInteger(err, 1); /* XXX code */
     if (MsiFormatRecord(0, err, res, &size) == ERROR_MORE_DATA) {
         res = malloc(size+1);
+       if (res == NULL) /* malloc() failed, out of memory... */
+           PyErr_SetString(MSIError, "out of memory");
+           return NULL;
+       }
         MsiFormatRecord(0, err, res, &size);
         res[size]='\0';
     }
@@ -547,6 +551,10 @@
         &fval, sval, &ssize);
     if (status == ERROR_MORE_DATA) {
         sval = malloc(ssize);
+       if (sval == NULL) { /* malloc() failed, out of memory... */
+           PyErr_SetString(MSIError, "out of memory");
+           return NULL;
+       }
         status = MsiSummaryInfoGetProperty(si->h, field, &type, &ival,
             &fval, sval, &ssize);
     }

    @ZackerySpytz
    Copy link
    Mannequin

    ZackerySpytz mannequin commented Sep 3, 2018

    The suggested patch is not acceptable: MemoryError should be raised in the unlikely event of a malloc() failure, there's a missing call to MsiCloseHandle(), the use of tabs violates PEP-7, and there's a blatant syntax error.

    @ZackerySpytz ZackerySpytz mannequin added 3.7 (EOL) end of life 3.8 only security fixes labels Sep 3, 2018
    @berkerpeksag
    Copy link
    Member

    New changeset 4e51937 by Berker Peksag (Zackery Spytz) in branch 'master':
    bpo-23855: Add missing NULL checks for malloc() in _msi.c (GH-9038)
    4e51937

    @miss-islington
    Copy link
    Contributor

    New changeset 7399407 by Miss Islington (bot) in branch '3.7':
    bpo-23855: Add missing NULL checks for malloc() in _msi.c (GH-9038)
    7399407

    @miss-islington
    Copy link
    Contributor

    New changeset f51a466 by Miss Islington (bot) in branch '2.7':
    bpo-23855: Add missing NULL checks for malloc() in _msi.c (GH-9038)
    f51a466

    @miss-islington
    Copy link
    Contributor

    New changeset 8a0c254 by Miss Islington (bot) in branch '3.6':
    bpo-23855: Add missing NULL checks for malloc() in _msi.c (GH-9038)
    8a0c254

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Assignees
    No one assigned
    Labels
    3.7 (EOL) end of life 3.8 only security fixes OS-windows type-bug An unexpected behavior, bug, or error
    Projects
    None yet
    Milestone
    No milestone
    Development

    No branches or pull requests
    2 participants
    @berkerpeksag @miss-islington