New submission from Bill Parker:

Hello All,
In reviewing code in Python-3.4.3/PC/_msi.c, I found a call to malloc() at line 326 in function 'static PyObject* msierror(int status)' in which the call is made and assigned to variable 'res', but no check for NULL, indicating failure, is made afterwards. The patch below corrects this issue:

--- _msi.c.orig 2015-04-02 15:01:02.882326352 -0700 +++ _msi.c 2015-04-02 15:02:43.382099357 -0700 @@ -324,6 +324,10 @@ code = MsiRecordGetInteger(err, 1); /* XXX code */ if (MsiFormatRecord(0, err, res, &size) == ERROR_MORE_DATA) { res = malloc(size+1); + if (res == NULL) /* malloc() failed, out of memory... */ + PyErr_SetString(MSIError, "out of memory"); + return NULL; + } MsiFormatRecord(0, err, res, &size); res[size]='\0'; }

----------
components: Windows
files: _msi.c.patch
keywords: patch
messages: 239948
nosy: dogbert2, steve.dower, tim.golden, zach.ware
priority: normal
severity: normal
status: open
title: Missing Sanity Check for malloc() in PC/_msi.c
type: behavior
versions: Python 3.4

Added file: http://bugs.python.org/file38811/_msi.c.patch

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue23855>
_______________________________________
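
Review bot: the added `if (res == NULL)` line has no opening brace, yet the hunk adds a closing `}` after `return NULL;`. As written, only the `PyErr_SetString(MSIError, "out of memory");` call is guarded by the NULL check, `return NULL;` executes unconditionally whenever MsiFormatRecord() reports ERROR_MORE_DATA, and the added `}` closes the enclosing `if (MsiFormatRecord(0, err, res, &size) == ERROR_MORE_DATA) {` block early, leaving the original `}` after `res[size]='\0';` unmatched. Put a `{` after the condition (before or after the comment) so the check, the error call and the return form one block. Also consider `return PyErr_NoMemory();` instead of setting MSIError with a string, since that is the usual CPython way to report an allocation failure and it raises MemoryError rather than a module-specific exception.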