[issue23855] Missing Sanity Check for malloc() in PC/_msi.c
New submission from Bill Parker:
Hello All,
In reviewing code in Python-3.4.3/PC/_msi.c, I found a call to malloc() at
line 326 in function 'static PyObject* msierror(int status)' in which the call
is made and assigned to variable 'res', but no check for NULL, indicating
failure is made afterwards. The patch below corrects this issue:
--- _msi.c.orig 2015-04-02 15:01:02.882326352 -0700
+++ _msi.c 2015-04-02 15:02:43.382099357 -0700
@@ -324,6 +324,10 @@
code = MsiRecordGetInteger(err, 1); /* XXX code */
if (MsiFormatRecord(0, err, res, &size) == ERROR_MORE_DATA) {
res = malloc(size+1);
+ if (res == NULL) /* malloc() failed, out of memory... */
+ PyErr_SetString(MSIError, "out of memory");
+ return NULL;
+ }
MsiFormatRecord(0, err, res, &size);
res[size]='\0';
}
--
components: Windows
files: _msi.c.patch
keywords: patch
messages: 239948
nosy: dogbert2, steve.dower, tim.golden, zach.ware
priority: normal
severity: normal
status: open
title: Missing Sanity Check for malloc() in PC/_msi.c
type: behavior
versions: Python 3.4
Added file: http://bugs.python.org/file38811/_msi.c.patch
___
Python tracker
<http://bugs.python.org/issue23855>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue23860] Failure to check return value from lseek() in Modules/mmapmodule.c
New submission from Bill Parker:
Hello All,
In reviewing code in directory Python-3.4.3/Modules, file
'mmapmodule', I found a call to 'lseek()' without a check for
a return value of -1, indicating failure. The patch file below
corrects this issue (diff -u format):
--- mmapmodule.c.orig 2015-04-02 19:05:30.380554538 -0700
+++ mmapmodule.c2015-04-02 19:11:00.320488207 -0700
@@ -1335,7 +1335,11 @@
return NULL;
}
/* Win9x appears to need us seeked to zero */
-lseek(fileno, 0, SEEK_SET);
+ if (lseek(fileno, 0, SEEK_SET) == -1) { /* call to lseek() failed */
+ PyErr_SetFromErrno(PyExc_OSError);
+ return NULL;
+ }
+
}
m_obj = (mmap_object *)type->tp_alloc(type, 0);
I am attaching the patch file to this bug report...
--
components: Interpreter Core
files: mmapmodule.c.patch
keywords: patch
messages: 240015
nosy: dogbert2
priority: normal
severity: normal
status: open
title: Failure to check return value from lseek() in Modules/mmapmodule.c
type: behavior
versions: Python 3.4
Added file: http://bugs.python.org/file38823/mmapmodule.c.patch
___
Python tracker
<http://bugs.python.org/issue23860>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue23860] Failure to check return value from lseek() in Modules/mmapmodule.c
Bill Parker added the comment: I would check 23855 as well, since the malloc() missing a sanity check, which could be a more serious issue .. On Sat, Apr 4, 2015 at 1:32 AM, Berker Peksag wrote: > > Berker Peksag added the comment: > > Thanks for the patch, Bill. If you want to work on similar issues see also > issue 15948. > > -- > components: +Extension Modules -Interpreter Core > nosy: +berker.peksag, haypo, serhiy.storchaka > stage: -> patch review > versions: +Python 3.5 > > ___ > Python tracker > <http://bugs.python.org/issue23860> > ___ > -- ___ Python tracker <http://bugs.python.org/issue23860> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue23855] Missing Sanity Check for malloc() in PC/_msi.c
Bill Parker added the comment:
In directory 'PC', file '_msi.c', I found another call to
malloc() which was not checked for a return value of NULL
which would indicate failure. The new patch file is below:
--- _msi.c.orig 2015-04-02 15:01:02.882326352 -0700
+++ _msi.c 2015-04-04 16:36:56.919605881 -0700
@@ -324,6 +324,10 @@
code = MsiRecordGetInteger(err, 1); /* XXX code */
if (MsiFormatRecord(0, err, res, &size) == ERROR_MORE_DATA) {
res = malloc(size+1);
+ if (res == NULL) /* malloc() failed, out of memory... */
+ PyErr_SetString(MSIError, "out of memory");
+ return NULL;
+ }
MsiFormatRecord(0, err, res, &size);
res[size]='\0';
}
@@ -547,6 +551,10 @@
&fval, sval, &ssize);
if (status == ERROR_MORE_DATA) {
sval = malloc(ssize);
+ if (sval == NULL) { /* malloc() failed, out of memory... */
+ PyErr_SetString(MSIError, "out of memory");
+ return NULL;
+ }
status = MsiSummaryInfoGetProperty(si->h, field, &type, &ival,
&fval, sval, &ssize);
}
--
Added file: http://bugs.python.org/file38847/_msi.c.patch
___
Python tracker
<http://bugs.python.org/issue23855>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue23878] Missing sanity checks for various C library function calls...
New submission from Bill Parker:
Hello All,
In reviewing code for Python-3.4.3 in directory
'Modules/_ctypes/libffi/src/arm', file 'ffi.c', I found a pair
of calls to calloc() which do not test for a return value
of NULL, indicating failure. The patch file below corrects
this issue:
--- ffi.c.orig 2015-04-04 15:43:19.662709073 -0700
+++ ffi.c 2015-04-04 15:51:27.142665269 -0700
@@ -629,12 +629,21 @@
/* We have valid trampoline and config pages */
table = calloc (1, sizeof(ffi_trampoline_table));
+if (table == NULL) { /* oops, calloc() failed, now what??? */
+ fprintf(stderr, "vm calloc() failure: %d at %s:%d\n", kt, __FILE__,
__LINE__);
+ return NULL; /* go home??? */
+}
table->free_count = FFI_TRAMPOLINE_COUNT;
table->config_page = config_page;
table->trampoline_page = trampoline_page;
/* Create and initialize the free list */
table->free_list_pool = calloc(FFI_TRAMPOLINE_COUNT,
sizeof(ffi_trampoline_table_entry));
+if (table->free_list_pool == NULL) { /* oops, calloc() failed, now what */
+ fprintf(stderr, "vm calloc() failure: %d at %s:%d\n", kt, __FILE__,
__LINE__);
+ free(table); /* free table (from previos calloc() call) */
+ return NULL; /* go home??? *
+}
uint16_t i;
for (i = 0; i < table->free_count; i++) {
In directory 'Modules', file 'getpath.c', I found a call to fseek()
which is not checked for a return value < 0, indicating failure. The
patch file below corrects this issue:
--- getpath.c.orig 2015-04-04 16:07:25.540472702 -0700
+++ getpath.c 2015-04-04 16:09:30.988416490 -0700
@@ -265,7 +265,9 @@
int result = 0; /* meaning not found */
char buffer[MAXPATHLEN*2+1]; /* allow extra for key, '=', etc. */
-fseek(env_file, 0, SEEK_SET);
+if (fseek(env_file, 0, SEEK_SET) < 0)
+return result;
+
while (!feof(env_file)) {
char * p = fgets(buffer, MAXPATHLEN*2, env_file);
wchar_t tmpbuffer[MAXPATHLEN*2+1];
I am attaching the patch file(s) to this bug report...
Bill Parker (wp02855 at gmail dot com)
--
components: Interpreter Core
files: getpath.c.patch
keywords: patch
messages: 240160
nosy: dogbert2
priority: normal
severity: normal
status: open
title: Missing sanity checks for various C library function calls...
type: behavior
versions: Python 3.4
Added file: http://bugs.python.org/file38848/getpath.c.patch
___
Python tracker
<http://bugs.python.org/issue23878>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue23878] Missing sanity checks for various C library function calls...
Bill Parker added the comment: Addition of file 'ffi.c.patch'... -- Added file: http://bugs.python.org/file38849/ffi.c.patch ___ Python tracker <http://bugs.python.org/issue23878> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue23878] Missing sanity checks for various C library function calls...
Bill Parker added the comment: Per Ned Deily, I did send 'ffi.c.patch' to the guys upstream at: https://sourceware.org/libffi/ So hopefully they can review and fix it in the next release :)... Given that Python is spread out, perhaps when a component is selected, it could display source directories and/or files (just a suggestion here)... -- ___ Python tracker <http://bugs.python.org/issue23878> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue23860] Failure to check return value from lseek() in Modules/mmapmodule.c
Bill Parker added the comment: At the moment, I'm not sure if it's needed or not, but if it's only an issue with XP, then it might not be worth fixing...:) On Thu, Apr 9, 2015 at 1:35 PM, STINNER Victor wrote: > > STINNER Victor added the comment: > > > /* Win9x appears to need us seeked to zero */ > > lseek(fileno, 0, SEEK_SET); > > Hum, is it still needed in 2015 with Python 3.5? We even dropped support > for Windows XP. > > -- > > ___ > Python tracker > <http://bugs.python.org/issue23860> > ___ > -- ___ Python tracker <http://bugs.python.org/issue23860> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue24250] Optimization for strcpy(..., "") in file 'install.c'
New submission from Bill Parker:
In reviewing calls to strcpy(, ""), I found three instances which could
be re-written as * = '\0'; which would save the minor overhead of a
function call. The patch file is below:
--- install.c.orig 2015-05-20 14:11:27.723397005 -0700
+++ install.c 2015-05-20 14:14:00.862860244 -0700
@@ -1640,8 +1640,8 @@
PSWIZB_BACK);
SetDlgItemText(hwnd, IDC_PATH, "");
SetDlgItemText(hwnd, IDC_INSTALL_PATH, "");
-strcpy(python_dir, "");
-strcpy(pythondll, "");
+ *python_dir = '\0'; /* replaces strcpy(python_dir, "") */
+ *pythondll = '\0'; /* replaces strcpy(pythondll, "") */
} else {
char *pbuf;
int result;
@@ -1680,7 +1680,7 @@
}
free(pbuf);
} else
-strcpy(pythondll, "");
+ *pythondll = '\0'; /* replaces strcpy(pythondll, "")
*/
/* retrieve the scheme for this version */
{
char install_path[_MAX_PATH];
I am attaching the patch file to this bug report...
--
components: Windows
files: install.c.patch
keywords: patch
messages: 243697
nosy: dogbert2, steve.dower, tim.golden, zach.ware
priority: normal
severity: normal
status: open
title: Optimization for strcpy(..., "") in file 'install.c'
type: enhancement
versions: Python 3.4
Added file: http://bugs.python.org/file39440/install.c.patch
___
Python tracker
<http://bugs.python.org/issue24250>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
