backport tim_one's patch:

Repair widespread misuse of _PyString_Resize.  Since it's clear people
don't understand how this function works, also beefed up the docs.  The
most common usage error is of this form (often spread out across gotos):

	if (_PyString_Resize(&s, n) < 0) {
		Py_DECREF(s);
		s = NULL;
		goto outtahere;
	}

The error is that if _PyString_Resize runs out of memory, it automatically
decrefs the input string object s (which also deallocates it, since its
refcount must be 1 upon entry), and sets s to NULL.  So if the "if"
branch ever triggers, it's an error to call Py_DECREF(s):  s is already
NULL!  A correct way to write the above is the simpler (and intended)

	if (_PyString_Resize(&s, n) < 0)
		goto outtahere;

Bugfix candidate.

Original patch(es):
python/dist/src/Objects/fileobject.c:2.161
python/dist/src/Objects/stringobject.c:2.161
python/dist/src/Objects/unicodeobject.c:2.147

diff --git a/Objects/fileobject.c b/Objects/fileobject.c
index 7ac6efbbc831c40ba53568767279baf0f9d6e826..3b98c8e626438617153d5e7ee8c6376167d40051 100644 (file)
--- a/Objects/fileobject.c
+++ b/Objects/fileobject.c
@@ -1166,9 +1166,7 @@ file_readlines(PyFileObject *f, PyObject *args)
                        goto error;
        }
   cleanup:
-       if (big_buffer) {
-               Py_DECREF(big_buffer);
-       }
+       Py_XDECREF(big_buffer);
        return list;
 }
 

diff --git a/Objects/stringobject.c b/Objects/stringobject.c
index b4f820228cb0c0c50fc443ed238b1574610d37b0..00f5d986a2629b3e2f21e9ea8f4a0bcf76363ac8 100644 (file)
--- a/Objects/stringobject.c
+++ b/Objects/stringobject.c
@@ -1901,8 +1901,8 @@ string_translate(PyStringObject *self, PyObject *args)
                return input_obj;
        }
        /* Fix the size of the resulting string */
-       if (inlen > 0 &&_PyString_Resize(&result, output-output_start))
-               return NULL;
+       if (inlen > 0)
+               _PyString_Resize(&result, output - output_start);
        return result;
 }
 
@@ -2963,7 +2963,14 @@ PyString_ConcatAndDel(register PyObject **pv, register PyObject *w)
    is only one module referencing the object.  You can also think of it
    as creating a new string object and destroying the old one, only
    more efficiently.  In any case, don't use this if the string may
-   already be known to some other part of the code... */
+   already be known to some other part of the code...
+   Note that if there's not enough memory to resize the string, the original
+   string object at *pv is deallocated, *pv is set to NULL, an "out of
+   memory" exception is set, and -1 is returned.  Else (on success) 0 is
+   returned, and the value in *pv may or may not be the same as on input.
+   As always, an extra byte is allocated for a trailing \0 byte (newsize
+   does *not* include that), and a trailing \0 byte is stored.
+*/
 
 int
 _PyString_Resize(PyObject **pv, int newsize)

diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
index 4d6dd72394c0c22d53a926775996a5fd5dfbce27..5232aa3355576dc409721c1fb9cce44240af6d23 100644 (file)
--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c
@@ -927,10 +927,7 @@ PyObject *PyUnicode_EncodeUTF7(const Py_UNICODE *s,
         *out++ = '-';
     }
 
-    if (_PyString_Resize(&v, out - start)) {
-        Py_DECREF(v);
-        return NULL;
-    }
+    _PyString_Resize(&v, out - start);
     return v;
 }
 
@@ -1778,7 +1775,7 @@ PyObject *unicodeescape_string(const Py_UNICODE *s,
            /* Resize the string if necessary */
            if (offset + 12 > PyString_GET_SIZE(repr)) {
                if (_PyString_Resize(&repr, PyString_GET_SIZE(repr) + 100))
-                   goto onError;
+                   return NULL;
                p = PyString_AS_STRING(repr) + offset;
            }
 
@@ -1861,14 +1858,8 @@ PyObject *unicodeescape_string(const Py_UNICODE *s,
         *p++ = PyString_AS_STRING(repr)[1];
 
     *p = '\0';
-    if (_PyString_Resize(&repr, p - PyString_AS_STRING(repr)))
-       goto onError;
-
+    _PyString_Resize(&repr, p - PyString_AS_STRING(repr));
     return repr;
-
- onError:
-    Py_DECREF(repr);
-    return NULL;
 }
 
 PyObject *PyUnicode_EncodeUnicodeEscape(const Py_UNICODE *s,
@@ -1999,14 +1990,8 @@ PyObject *PyUnicode_EncodeRawUnicodeEscape(const Py_UNICODE *s,
             *p++ = (char) ch;
     }
     *p = '\0';
-    if (_PyString_Resize(&repr, p - q))
-       goto onError;
-
+    _PyString_Resize(&repr, p - q);
     return repr;
-
- onError:
-    Py_DECREF(repr);
-    return NULL;
 }
 
 PyObject *PyUnicode_AsRawUnicodeEscapeString(PyObject *unicode)
@@ -2106,8 +2091,7 @@ PyObject *PyUnicode_EncodeLatin1(const Py_UNICODE *p,
     }
     /* Resize if error handling skipped some characters */
     if (s - start < PyString_GET_SIZE(repr))
-       if (_PyString_Resize(&repr, s - start))
-           goto onError;
+       _PyString_Resize(&repr, s - start);
     return repr;
 
  onError:
@@ -2254,8 +2238,7 @@ PyObject *PyUnicode_EncodeASCII(const Py_UNICODE *p,
     }
     /* Resize if error handling skipped some characters */
     if (s - start < PyString_GET_SIZE(repr))
-       if (_PyString_Resize(&repr, s - start))
-           goto onError;
+       _PyString_Resize(&repr, s - start);
     return repr;
 
  onError:
@@ -2602,12 +2585,11 @@ PyObject *PyUnicode_EncodeCharmap(const Py_UNICODE *p,
        Py_DECREF(x);
     }
     if (s - PyString_AS_STRING(v) < PyString_GET_SIZE(v))
-       if (_PyString_Resize(&v, (int)(s - PyString_AS_STRING(v))))
-           goto onError;
+       _PyString_Resize(&v, (int)(s - PyString_AS_STRING(v)));
     return v;
 
  onError:
-    Py_DECREF(v);
+    Py_XDECREF(v);
     return NULL;
 }