granicus.if.org Git - python/commitdiff
Even though _Py_Mangle() isn't truly public anyone can call it and
author Neal Norwitz <nnorwitz@gmail.com>
Sat, 12 Aug 2006 01:45:47 +0000 (01:45 +0000)
committer Neal Norwitz <nnorwitz@gmail.com>
Sat, 12 Aug 2006 01:45:47 +0000 (01:45 +0000)
there was no verification that privateobj was a PyString.  If it wasn't
a string, this could have allowed a NULL pointer to creep in below and crash.

I wonder if this should be PyString_CheckExact?  Must identifiers be strings
or can they be subclasses?

Klocwork #275

Python/compile.c

index 6a9e8c9f7e599bc3c80680659d6808f6368dfa8d..92eff00732ca454f5f0129f835c0a1251c05e656 100644 (file)
@@ -204,8 +204,8 @@ _Py_Mangle(PyObject *privateobj, PyObject *ident)
        const char *p, *name = PyString_AsString(ident);
        char *buffer;
        size_t nlen, plen;
-       if (privateobj == NULL || name == NULL || name[0] != '_' ||
-            name[1] != '_') {
+       if (privateobj == NULL || !PyString_Check(privateobj) ||
+           name == NULL || name[0] != '_' || name[1] != '_') {
                Py_INCREF(ident);
                return ident;
        }
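
Review bot: In the rewritten condition, a privateobj that fails PyString_Check now takes the same early return as a name that does not start with two underscores, so a caller passing the wrong type silently gets ident back unmangled. A short comment above the if stating that this is intended would help, and it is also the natural place to record the PyString_Check versus PyString_CheckExact decision raised in the commit message. Separately, the name == NULL arm of the same condition returns ident as a normal result even though PyString_AsString(ident) has just failed and left an exception set; consider returning NULL on that arm instead of falling into Py_INCREF(ident); return ident;.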