Message233430
+ size_t argsize = strlen(arg) + 1;
+ if (argsize > PY_SSIZE_T_MAX/sizeof(wchar_t))
+ return NULL;
+ res = PyMem_Malloc(argsize*sizeof(wchar_t));
The code doesn't check for integer overflow on "+1". I suggest instead:
+ size_t arglen = strlen(arg);
+ if (arglen > PY_SSIZE_T_MAX / sizeof(wchar_t) - 1)
+ return NULL;
+ res = PyMem_Malloc((arglen + 1) * sizeof(wchar_t)); |
|
Date |
User |
Action |
Args |
2015-01-04 22:20:02 | vstinner | set | recipients:
+ vstinner, python-dev, Guido |
2015-01-04 22:20:02 | vstinner | set | messageid: <1420410002.8.0.36856969224.issue23165@psf.upfronthosting.co.za> |
2015-01-04 22:20:02 | vstinner | link | issue23165 messages |
2015-01-04 22:20:02 | vstinner | create | |
|