Author vstinner
Recipients Guido, python-dev, vstinner
Date 2015-01-04.22:20:02
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1420410002.8.0.36856969224.issue23165@psf.upfronthosting.co.za>
In-reply-to
Content
+    size_t argsize = strlen(arg) + 1; 
+    if (argsize > PY_SSIZE_T_MAX/sizeof(wchar_t))
+        return NULL;
+    res = PyMem_Malloc(argsize*sizeof(wchar_t));

The code doesn't check for integer overflow on "+1". I suggest instead:

+    size_t arglen = strlen(arg); 
+    if (arglen > PY_SSIZE_T_MAX / sizeof(wchar_t) - 1)
+        return NULL;
+    res = PyMem_Malloc((arglen + 1) * sizeof(wchar_t));
History
Date User Action Args
2015-01-04 22:20:02vstinnersetrecipients: + vstinner, python-dev, Guido
2015-01-04 22:20:02vstinnersetmessageid: <1420410002.8.0.36856969224.issue23165@psf.upfronthosting.co.za>
2015-01-04 22:20:02vstinnerlinkissue23165 messages
2015-01-04 22:20:02vstinnercreate