From: Jeremy Hylton
Date: Tue, 16 Sep 2003 20:30:03 +0000 (+0000)
Subject: Backport: Double-fix of crash in Unicode freelist handling.
X-Git-Tag: v2.3.1~46
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6687ded893f892e1496d84713d2ae3e7b257c223;p=thirdparty%2FPython%2Fcpython.git
Backport: Double-fix of crash in Unicode freelist handling.
---
diff --git a/Misc/NEWS b/Misc/NEWS
index d7b47c7016ef..79bd3ffff132 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -12,6 +12,11 @@ What's New in Python 2.3.1?
 Core and builtins
 -----------------
+- Fixed a bug in the cache of length-one Unicode strings that could
+ lead to a seg fault. The specific problem occurred when an earlier,
+ non-fatal error left an uninitialized Unicode object in the
+ freelist.
+
 - Fixed a leak in class objects defining a comparison but not a hash function.
diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
index 7ba9547b1f74..fffab49a35a2 100644
--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c
@@ -132,7 +132,7 @@ int unicode_resize(register PyUnicodeObject *unicode,
 instead ! */
 if (unicode == unicode_empty ||
 (unicode->length == 1 &&
- unicode->str[0] < 256 &&
+ unicode->str[0] < 256U &&
 unicode_latin1[unicode->str[0]] == unicode)) {
 PyErr_SetString(PyExc_SystemError,
 "can't resize shared unicode objects");
@@ -211,6 +211,7 @@ PyUnicodeObject *_PyUnicode_New(int length)
 PyErr_NoMemory();
 goto onError;
 }
+ unicode->str[0] = 0;
 unicode->str[length] = 0;
 unicode->length = length;
 unicode->hash = -1;
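Review bot: The bounds check guarding `unicode_latin1[unicode->str[0]]` in the unicode_resize hunk now relies on the `U` suffix alone to make a negative `str[0]` compare as a large unsigned value, and nothing in the condition says so. That works only through the usual arithmetic conversions, so if Py_UNICODE can be a signed type wider than unsigned int (its definition is not visible here), a negative element would still pass the test and index in front of the table. An explicit cast states the intent and removes that dependence: `(unsigned int)unicode->str[0] < 256U &&`, with a short comment such as `/* str[] may be signed; compare as unsigned so a negative value cannot index unicode_latin1 */`. The body of unicode_resize starts and ends outside the hunk.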
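Review bot: The added `unicode->str[0] = 0;` in _PyUnicode_New carries no comment, and next to the terminator write on the following line it reads as redundant, which makes it easy to delete in a later cleanup. Going by the NEWS entry in this commit, it is there because an object can return to the freelist with its buffer never filled in after an earlier error, and presumably the `str[0] < 256U` test in unicode_resize() is what later reads that element. I would record that above the line, e.g. `/* Initialize str[0]: unicode_resize() reads it, and a caller may fail before filling the buffer. */`. The body of _PyUnicode_New starts and ends outside the hunk.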