From 3864a45cd3a142ef168ffb69de1b407fbeda80bf Mon Sep 17 00:00:00 2001 From: Anthony Baxter Date: Tue, 30 Apr 2002 03:41:53 +0000 Subject: [PATCH] backport tim_one's patch: Repair widespread misuse of _PyString_Resize. Since it's clear people don't understand how this function works, also beefed up the docs. The most common usage error is of this form (often spread out across gotos): if (_PyString_Resize(&s, n) < 0) { Py_DECREF(s); s = NULL; goto outtahere; } The error is that if _PyString_Resize runs out of memory, it automatically decrefs the input string object s (which also deallocates it, since its refcount must be 1 upon entry), and sets s to NULL. So if the "if" branch ever triggers, it's an error to call Py_DECREF(s): s is already NULL! A correct way to write the above is the simpler (and intended) if (_PyString_Resize(&s, n) < 0) goto outtahere; Bugfix candidate. Original patch(es): python/dist/src/Objects/fileobject.c:2.161 python/dist/src/Objects/stringobject.c:2.161 python/dist/src/Objects/unicodeobject.c:2.147 --- Objects/fileobject.c | 4 +--- Objects/stringobject.c | 13 ++++++++++--- Objects/unicodeobject.c | 34 ++++++++-------------------------- 3 files changed, 19 insertions(+), 32 deletions(-) diff --git a/Objects/fileobject.c b/Objects/fileobject.c index 7ac6efbbc831..3b98c8e62643 100644 --- a/Objects/fileobject.c +++ b/Objects/fileobject.c @@ -1166,9 +1166,7 @@ file_readlines(PyFileObject *f, PyObject *args) goto error; } cleanup: - if (big_buffer) { - Py_DECREF(big_buffer); - } + Py_XDECREF(big_buffer); return list; } diff --git a/Objects/stringobject.c b/Objects/stringobject.c index b4f820228cb0..00f5d986a262 100644 --- a/Objects/stringobject.c +++ b/Objects/stringobject.c 
@@ -1901,8 +1901,8 @@ string_translate(PyStringObject *self, PyObject *args) return input_obj; } /* Fix the size of the resulting string */ - if (inlen > 0 &&_PyString_Resize(&result, output-output_start)) - return NULL; + if (inlen > 0) + _PyString_Resize(&result, output - output_start); return result; } @@ -2963,7 +2963,14 @@ PyString_ConcatAndDel(register PyObject **pv, register PyObject *w) is only one module referencing the object. You can also think of it as creating a new string object and destroying the old one, only more efficiently. In any case, don't use this if the string may - already be known to some other part of the code... */ + already be known to some other part of the code... + Note that if there's not enough memory to resize the string, the original + string object at *pv is deallocated, *pv is set to NULL, an "out of + memory" exception is set, and -1 is returned. Else (on success) 0 is + returned, and the value in *pv may or may not be the same as on input. + As always, an extra byte is allocated for a trailing \0 byte (newsize + does *not* include that), and a trailing \0 byte is stored. +*/ int _PyString_Resize(PyObject **pv, int newsize) diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c index 4d6dd72394c0..5232aa335557 100644 --- a/Objects/unicodeobject.c +++ b/Objects/unicodeobject.c @@ -927,10 +927,7 @@ PyObject *PyUnicode_EncodeUTF7(const Py_UNICODE *s, *out++ = '-'; } - if (_PyString_Resize(&v, out - start)) { - Py_DECREF(v); - return NULL; - } + _PyString_Resize(&v, out - start); return v; } @@ -1778,7 +1775,7 @@ PyObject *unicodeescape_string(const Py_UNICODE *s, /* Resize the string if necessary */ if (offset + 12 > PyString_GET_SIZE(repr)) { if (_PyString_Resize(&repr, PyString_GET_SIZE(repr) + 100)) - goto onError; + return NULL; p = PyString_AS_STRING(repr) + offset; } 
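Review bot: The now-unchecked `_PyString_Resize(&result, output - output_start);` in string_translate is correct only because a failed resize sets `result` to NULL and raises the exception, and nothing at the call site says so. A one-line comment such as `/* on failure result is NULL and the exception is set */` would stop a later reader or a static-analysis cleanup from re-adding a check with `Py_DECREF`, which is the NULL dereference this commit removes. The same comment applies to the unchecked calls in PyUnicode_EncodeUTF7, unicodeescape_string, PyUnicode_EncodeRawUnicodeEscape, PyUnicode_EncodeLatin1, PyUnicode_EncodeASCII and PyUnicode_EncodeCharmap. string_translate starts outside the hunk.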
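Review bot: The expanded comment above `_PyString_Resize` describes what happens on failure but omits the caller rule that the commit message spells out. Add a closing sentence such as `Callers must not Py_DECREF(*pv) after a failure: it is already NULL.` The commit message also states that the refcount must be 1 on entry, while the comment only implies it through "only one module referencing the object", so stating that precondition directly would help. The function body is outside the hunk.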
@@ -1861,14 +1858,8 @@ PyObject *unicodeescape_string(const Py_UNICODE *s, *p++ = PyString_AS_STRING(repr)[1]; *p = '\0'; - if (_PyString_Resize(&repr, p - PyString_AS_STRING(repr))) - goto onError; - + _PyString_Resize(&repr, p - PyString_AS_STRING(repr)); return repr; - - onError: - Py_DECREF(repr); - return NULL; } PyObject *PyUnicode_EncodeUnicodeEscape(const Py_UNICODE *s, @@ -1999,14 +1990,8 @@ PyObject *PyUnicode_EncodeRawUnicodeEscape(const Py_UNICODE *s, *p++ = (char) ch; } *p = '\0'; - if (_PyString_Resize(&repr, p - q)) - goto onError; - + _PyString_Resize(&repr, p - q); return repr; - - onError: - Py_DECREF(repr); - return NULL; } PyObject *PyUnicode_AsRawUnicodeEscapeString(PyObject *unicode) @@ -2106,8 +2091,7 @@ PyObject *PyUnicode_EncodeLatin1(const Py_UNICODE *p, } /* Resize if error handling skipped some characters */ if (s - start < PyString_GET_SIZE(repr)) - if (_PyString_Resize(&repr, s - start)) - goto onError; + _PyString_Resize(&repr, s - start); return repr; onError: @@ -2254,8 +2238,7 @@ PyObject *PyUnicode_EncodeASCII(const Py_UNICODE *p, } /* Resize if error handling skipped some characters */ if (s - start < PyString_GET_SIZE(repr)) - if (_PyString_Resize(&repr, s - start)) - goto onError; + _PyString_Resize(&repr, s - start); return repr; onError: @@ -2602,12 +2585,11 @@ PyObject *PyUnicode_EncodeCharmap(const Py_UNICODE *p, Py_DECREF(x); } if (s - PyString_AS_STRING(v) < PyString_GET_SIZE(v)) - if (_PyString_Resize(&v, (int)(s - PyString_AS_STRING(v)))) - goto onError; + _PyString_Resize(&v, (int)(s - PyString_AS_STRING(v))); return v; onError: - Py_DECREF(v); + Py_XDECREF(v); return NULL; } -- 2.47.3
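Review bot: In PyUnicode_EncodeLatin1 and PyUnicode_EncodeASCII the `onError:` label survives but its body lies outside the hunks, so it is not visible whether it still uses `Py_DECREF(repr)`. If any remaining `goto onError` in those functions can follow a failed `_PyString_Resize`, `repr` is NULL at the label and it needs `Py_XDECREF(repr);`, as PyUnicode_EncodeCharmap now does for `v`. In EncodeCharmap a comment on the label, `/* v is NULL if an earlier _PyString_Resize failed */`, would record why the X variant is required. That reason is inferred, since the earlier resize is not in the hunk.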