From: Andrew M. Kuchling <amk@amk.ca>
Date: Wed, 4 Oct 2006 13:12:26 +0000 (+0000)
Subject: [Backport r51226 | neal.norwitz]
X-Git-Tag: v2.4.4c1~51
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a2a16615545b2ea5ede0d4e20f218d54d087021f;p=thirdparty%2FPython%2Fcpython.git

[Backport r51226 | neal.norwitz]

I'm not sure why this code allocates this string for the error message.
I think it would be better to always use snprintf and have the format
limit the size of the name appropriately (like %.200s).

Klocwork #340
---

diff --git a/Modules/unicodedata.c b/Modules/unicodedata.c
index 2f97df1978f6..52086f6aee73 100644
--- a/Modules/unicodedata.c
+++ b/Modules/unicodedata.c
@@ -869,6 +869,7 @@ unicodedata_lookup(PyObject* self, PyObject* args)
 {
     Py_UCS4 code;
     Py_UNICODE str[1];
+    char errbuf[256];
 
     char* name;
     int namelen;
@@ -876,11 +877,19 @@ unicodedata_lookup(PyObject* self, PyObject* args)
         return NULL;
 
     if (!_getcode(name, namelen, &code)) {
+	/* XXX(nnorwitz): why are we allocating for the error msg?
+		Why not always use snprintf? */
         char fmt[] = "undefined character name '%s'";
         char *buf = PyMem_MALLOC(sizeof(fmt) + namelen);
-        sprintf(buf, fmt, name);
+        if (buf)
+            sprintf(buf, fmt, name);
+        else {
+            buf = errbuf;
+            PyOS_snprintf(buf, sizeof(errbuf), fmt, name);
+        }
         PyErr_SetString(PyExc_KeyError, buf);
-        PyMem_FREE(buf);
+        if (buf != errbuf)
+        	PyMem_FREE(buf);
         return NULL;
     }