Message 240160 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	dogbert2
Recipients	dogbert2
Date	2015-04-06.17:00:27
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1428339627.31.0.628073381935.issue23878@psf.upfronthosting.co.za>
In-reply-to

Content
Hello All, In reviewing code for Python-3.4.3 in directory 'Modules/_ctypes/libffi/src/arm', file 'ffi.c', I found a pair of calls to calloc() which do not test for a return value of NULL, indicating failure. The patch file below corrects this issue: --- ffi.c.orig 2015-04-04 15:43:19.662709073 -0700 +++ ffi.c 2015-04-04 15:51:27.142665269 -0700 @@ -629,12 +629,21 @@ /* We have valid trampoline and config pages / table = calloc (1, sizeof(ffi_trampoline_table)); + if (table == NULL) { / oops, calloc() failed, now what??? / + fprintf(stderr, "vm calloc() failure: %d at %s:%d\n", kt, __FILE__, __LINE__); + return NULL; / go home??? / + } table->free_count = FFI_TRAMPOLINE_COUNT; table->config_page = config_page; table->trampoline_page = trampoline_page; / Create and initialize the free list / table->free_list_pool = calloc(FFI_TRAMPOLINE_COUNT, sizeof(ffi_trampoline_table_entry)); + if (table->free_list_pool == NULL) { / oops, calloc() failed, now what / + fprintf(stderr, "vm calloc() failure: %d at %s:%d\n", kt, __FILE__, __LINE__); + free(table); / free table (from previos calloc() call) / + return NULL; / go home??? * + } uint16_t i; for (i = 0; i < table->free_count; i++) { In directory 'Modules', file 'getpath.c', I found a call to fseek() which is not checked for a return value < 0, indicating failure. The patch file below corrects this issue: --- getpath.c.orig 2015-04-04 16:07:25.540472702 -0700 +++ getpath.c 2015-04-04 16:09:30.988416490 -0700 @@ -265,7 +265,9 @@ int result = 0; /* meaning not found / char buffer[MAXPATHLEN2+1]; /* allow extra for key, '=', etc. / - fseek(env_file, 0, SEEK_SET); + if (fseek(env_file, 0, SEEK_SET) < 0) + return result; + while (!feof(env_file)) { char p = fgets(buffer, MAXPATHLEN2, env_file); wchar_t tmpbuffer[MAXPATHLEN2+1]; I am attaching the patch file(s) to this bug report... Bill Parker (wp02855 at gmail dot com)

Hello All,

   In reviewing code for Python-3.4.3 in directory
'Modules/_ctypes/libffi/src/arm', file 'ffi.c', I found a pair
of calls to calloc() which do not test for a return value
of NULL, indicating failure.  The patch file below corrects
this issue:

--- ffi.c.orig  2015-04-04 15:43:19.662709073 -0700
+++ ffi.c       2015-04-04 15:51:27.142665269 -0700
@@ -629,12 +629,21 @@
 
     /* We have valid trampoline and config pages */
     table = calloc (1, sizeof(ffi_trampoline_table));
+    if (table == NULL) { /* oops, calloc() failed, now what??? */
+      fprintf(stderr, "vm calloc() failure: %d at %s:%d\n", kt, __FILE__, __LINE__);
+      return NULL; /* go home??? */
+    }
     table->free_count = FFI_TRAMPOLINE_COUNT;
     table->config_page = config_page;
     table->trampoline_page = trampoline_page;
 
     /* Create and initialize the free list */
     table->free_list_pool = calloc(FFI_TRAMPOLINE_COUNT, sizeof(ffi_trampoline_table_entry));
+    if (table->free_list_pool == NULL) { /* oops, calloc() failed, now what */
+      fprintf(stderr, "vm calloc() failure: %d at %s:%d\n", kt, __FILE__, __LINE__);
+      free(table);  /* free table (from previos calloc() call) */
+      return NULL;  /* go home??? *
+    }
 
     uint16_t i;
     for (i = 0; i < table->free_count; i++) {

In directory 'Modules', file 'getpath.c', I found a call to fseek()
which is not checked for a return value < 0, indicating failure.  The
patch file below corrects this issue:

--- getpath.c.orig      2015-04-04 16:07:25.540472702 -0700
+++ getpath.c   2015-04-04 16:09:30.988416490 -0700
@@ -265,7 +265,9 @@
     int result = 0; /* meaning not found */
     char buffer[MAXPATHLEN*2+1];  /* allow extra for key, '=', etc. */
 
-    fseek(env_file, 0, SEEK_SET);
+    if (fseek(env_file, 0, SEEK_SET) < 0)
+        return result;
+   
     while (!feof(env_file)) {
         char * p = fgets(buffer, MAXPATHLEN*2, env_file);
         wchar_t tmpbuffer[MAXPATHLEN*2+1];
		 		
I am attaching the patch file(s) to this bug report...

Bill Parker (wp02855 at gmail dot com)

History
Date	User	Action	Args
2015-04-06 17:00:27	dogbert2	set	recipients: + dogbert2
2015-04-06 17:00:27	dogbert2	set	messageid: <1428339627.31.0.628073381935.issue23878@psf.upfronthosting.co.za>
2015-04-06 17:00:27	dogbert2	link	issue23878 messages
2015-04-06 17:00:27	dogbert2	create