From a2269d074b02440b7a9c22115454ad7e33aeb3f4 Mon Sep 17 00:00:00 2001 From: Serhiy Storchaka Date: Mon, 16 Feb 2015 13:16:07 +0200 Subject: [PATCH] Issue #23446: Use PyMem_New instead of PyMem_Malloc to avoid possible integer overflows. Added few missed PyErr_NoMemory(). --- Modules/_ctypes/_ctypes.c | 9 ++++++--- Modules/_ctypes/stgdict.c | 12 ++++++++---- Modules/_localemodule.c | 4 ++-- Modules/_ssl.c | 7 ++++--- Python/peephole.c | 8 +++++--- 5 files changed, 25 insertions(+), 15 deletions(-) diff --git a/Modules/_ctypes/_ctypes.c b/Modules/_ctypes/_ctypes.c index 39e1ce4502..555600d4fc 100644 --- a/Modules/_ctypes/_ctypes.c +++ b/Modules/_ctypes/_ctypes.c @@ -4469,8 +4469,11 @@ Array_subscript(PyObject *_self, PyObject *item) slicelen); } - dest = (wchar_t *)PyMem_Malloc( - slicelen * sizeof(wchar_t)); + dest = PyMem_New(wchar_t, slicelen); + if (dest == NULL) { + PyErr_NoMemory(); + return NULL; + } for (cur = start, i = 0; i < slicelen; cur += step, i++) { @@ -5250,7 +5253,7 @@ Pointer_subscript(PyObject *_self, PyObject *item) return PyUnicode_FromWideChar(ptr + start, len); } - dest = (wchar_t *)PyMem_Malloc(len * sizeof(wchar_t)); + dest = PyMem_New(wchar_t, len); if (dest == NULL) return PyErr_NoMemory(); for (cur = start, i = 0; i < len; cur += step, i++) { diff --git a/Modules/_ctypes/stgdict.c b/Modules/_ctypes/stgdict.c index 95fa0f591e..17b9760143 100644 --- a/Modules/_ctypes/stgdict.c +++ b/Modules/_ctypes/stgdict.c @@ -80,14 +80,18 @@ PyCStgDict_clone(StgDictObject *dst, StgDictObject *src) if (src->format) { dst->format = PyMem_Malloc(strlen(src->format) + 1); - if (dst->format == NULL) + if (dst->format == NULL) { + PyErr_NoMemory(); return -1; + } strcpy(dst->format, src->format); } if (src->shape) { dst->shape = PyMem_Malloc(sizeof(Py_ssize_t) * src->ndim); - if (dst->shape == NULL) + if (dst->shape == NULL) { + PyErr_NoMemory(); return -1; + } memcpy(dst->shape, src->shape, sizeof(Py_ssize_t) * src->ndim); } @@ -388,7 +392,7 @@ PyCStructUnionType_update_stgdict(PyObject *type, PyObject *fields, int isStruct union_size = 0; total_align = align ? align : 1; stgdict->ffi_type_pointer.type = FFI_TYPE_STRUCT; - stgdict->ffi_type_pointer.elements = PyMem_Malloc(sizeof(ffi_type *) * (basedict->length + len + 1)); + stgdict->ffi_type_pointer.elements = PyMem_New(ffi_type *, basedict->length + len + 1); if (stgdict->ffi_type_pointer.elements == NULL) { PyErr_NoMemory(); return -1; @@ -406,7 +410,7 @@ PyCStructUnionType_update_stgdict(PyObject *type, PyObject *fields, int isStruct union_size = 0; total_align = 1; stgdict->ffi_type_pointer.type = FFI_TYPE_STRUCT; - stgdict->ffi_type_pointer.elements = PyMem_Malloc(sizeof(ffi_type *) * (len + 1)); + stgdict->ffi_type_pointer.elements = PyMem_New(ffi_type *, len + 1); if (stgdict->ffi_type_pointer.elements == NULL) { PyErr_NoMemory(); return -1; diff --git a/Modules/_localemodule.c b/Modules/_localemodule.c index 253a4dcb76..fe7b0989b4 100644 --- a/Modules/_localemodule.c +++ b/Modules/_localemodule.c @@ -314,7 +314,7 @@ PyLocale_strcoll(PyObject* self, PyObject* args) } /* Convert the unicode strings to wchar[]. */ len1 = PyUnicode_GET_SIZE(os1) + 1; - ws1 = PyMem_MALLOC(len1 * sizeof(wchar_t)); + ws1 = PyMem_NEW(wchar_t, len1); if (!ws1) { PyErr_NoMemory(); goto done; @@ -323,7 +323,7 @@ PyLocale_strcoll(PyObject* self, PyObject* args) goto done; ws1[len1 - 1] = 0; len2 = PyUnicode_GET_SIZE(os2) + 1; - ws2 = PyMem_MALLOC(len2 * sizeof(wchar_t)); + ws2 = PyMem_NEW(wchar_t, len2); if (!ws2) { PyErr_NoMemory(); goto done; diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 9dc085922a..e0d888e389 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -3891,10 +3891,11 @@ static int _setup_ssl_threads(void) { if (_ssl_locks == NULL) { _ssl_locks_count = CRYPTO_num_locks(); - _ssl_locks = (PyThread_type_lock *) - PyMem_Malloc(sizeof(PyThread_type_lock) * _ssl_locks_count); - if (_ssl_locks == NULL) + _ssl_locks = PyMem_New(PyThread_type_lock, _ssl_locks_count); + if (_ssl_locks == NULL) { + PyErr_NoMemory(); return 0; + } memset(_ssl_locks, 0, sizeof(PyThread_type_lock) * _ssl_locks_count); for (i = 0; i < _ssl_locks_count; i++) { diff --git a/Python/peephole.c b/Python/peephole.c index fb6cd03c86..e3bc004ae2 100644 --- a/Python/peephole.c +++ b/Python/peephole.c @@ -242,7 +242,7 @@ fold_unaryops_on_constants(unsigned char *codestr, PyObject *consts) static unsigned int * markblocks(unsigned char *code, Py_ssize_t len) { - unsigned int *blocks = (unsigned int *)PyMem_Malloc(len*sizeof(int)); + unsigned int *blocks = PyMem_New(unsigned int, len); int i,j, opcode, blockcnt = 0; if (blocks == NULL) { @@ -343,9 +343,11 @@ PyCode_Optimize(PyObject *code, PyObject* consts, PyObject *names, goto exitUnchanged; /* Mapping to new jump targets after NOPs are removed */ - addrmap = (int *)PyMem_Malloc(codelen * sizeof(int)); - if (addrmap == NULL) + addrmap = PyMem_New(int, codelen); + if (addrmap == NULL) { + PyErr_NoMemory(); goto exitError; + } blocks = markblocks(codestr, codelen); if (blocks == NULL) -- 2.50.1