Re: [Python-checkins] CVS: python/dist/src/Objects unicodeobject.c,2.31,2.32
Why was the change that occurred in revision 2.31 reverted? Accident? The change log said: Jack Jansen: Use include "" instead of <>; and staticforward declarations On Fri, Jun 30 2000 "M.-A. Lemburg" wrote:
Update of /cvsroot/python/python/dist/src/Objects In directory slayer.i.sourceforge.net:/tmp/cvs-serv25442/Objects
Modified Files: unicodeobject.c Log Message: Marc-Andre Lemburg <mal@lemburg.com>: New buffer overflow checks for formatting strings.
By Trent Mick.
Index: unicodeobject.c =================================================================== RCS file: /cvsroot/python/python/dist/src/Objects/unicodeobject.c,v retrieving revision 2.31 retrieving revision 2.32 diff -C2 -r2.31 -r2.32 *** unicodeobject.c 2000/06/29 00:06:39 2.31 --- unicodeobject.c 2000/06/30 10:29:57 2.32 *************** *** 67,71 **** #include "mymath.h" #include "unicodeobject.h" ! #include "ucnhash.h"
#if defined(HAVE_LIMITS_H) --- 67,71 ---- #include "mymath.h" #include "unicodeobject.h" ! #include <ucnhash.h>
#if defined(HAVE_LIMITS_H) *************** *** 1245,1249 **** ucnFallthrough: /* fall through on purpose */ ! default: *p++ = '\\'; *p++ = (unsigned char)s[-1]; --- 1245,1249 ---- ucnFallthrough: /* fall through on purpose */ ! default: *p++ = '\\'; *p++ = (unsigned char)s[-1]; *************** *** 1252,1256 **** } if (_PyUnicode_Resize(v, (int)(p - buf))) ! goto onError; return (PyObject *)v;
--- 1252,1256 ---- } if (_PyUnicode_Resize(v, (int)(p - buf))) ! goto onError; return (PyObject *)v;
*************** *** 4374,4377 **** --- 4374,4378 ---- static int formatfloat(Py_UNICODE *buf, + size_t buflen, int flags, int prec, *************** *** 4379,4382 **** --- 4380,4385 ---- PyObject *v) { + /* fmt = '%#.' + `prec` + `type` + worst case length = 3 + 10 (len of INT_MAX) + 1 = 14 (use 20)*/ char fmt[20]; double x; *************** *** 4387,4395 **** if (prec < 0) prec = 6; - if (prec > 50) - prec = 50; /* Arbitrary limitation */ if (type == 'f' && (fabs(x) / 1e25) >= 1e25) type = 'g'; sprintf(fmt, "%%%s.%d%c", (flags & F_ALT) ? "#" : "", prec, type); return usprintf(buf, fmt, x); } --- 4390,4408 ---- if (prec < 0) prec = 6; if (type == 'f' && (fabs(x) / 1e25) >= 1e25) type = 'g'; sprintf(fmt, "%%%s.%d%c", (flags & F_ALT) ? "#" : "", prec, type); + /* worst case length calc to ensure no buffer overrun: + fmt = %#.<prec>g + buf = '-' + [0-9]*prec + '.' + 'e+' + (longest exp + for any double rep.) + len = 1 + prec + 1 + 2 + 5 = 9 + prec + If prec=0 the effective precision is 1 (the leading digit is + always given), therefore increase by one to 10+prec. */ + if (buflen <= (size_t)10 + (size_t)prec) { + PyErr_SetString(PyExc_OverflowError, + "formatted float is too long (precision too long?)"); + return -1; + } return usprintf(buf, fmt, x); } *************** *** 4397,4400 **** --- 4410,4414 ---- static int formatint(Py_UNICODE *buf, + size_t buflen, int flags, int prec, *************** *** 4402,4405 **** --- 4416,4421 ---- PyObject *v) { + /* fmt = '%#.' + `prec` + 'l' + `type` + worst case length = 3 + 10 (len of INT_MAX) + 1 + 1 = 15 (use 20)*/ char fmt[20]; long x; *************** *** 4410,4413 **** --- 4426,4436 ---- if (prec < 0) prec = 1; + /* buf = '+'/'-'/'0'/'0x' + '[0-9]'*max(prec,len(x in octal)) + worst case buf = '0x' + [0-9]*prec, where prec >= 11 */ + if (buflen <= 13 || buflen <= (size_t)2+(size_t)prec) { + PyErr_SetString(PyExc_OverflowError, + "formatted integer is too long (precision too long?)"); + return -1; + } sprintf(fmt, "%%%s.%dl%c", (flags & F_ALT) ? "#" : "", prec, type); return usprintf(buf, fmt, x); *************** *** 4416,4421 **** static int formatchar(Py_UNICODE *buf, ! PyObject *v) { if (PyUnicode_Check(v)) { if (PyUnicode_GET_SIZE(v) != 1) --- 4439,4446 ---- static int formatchar(Py_UNICODE *buf, ! size_t buflen, ! PyObject *v) { + /* presume that the buffer is at least 2 characters long */ if (PyUnicode_Check(v)) { if (PyUnicode_GET_SIZE(v) != 1) *************** *** 4447,4450 **** --- 4472,4485 ---- }
+ /* fmt%(v1,v2,...) is roughly equivalent to sprintf(fmt, v1, v2, ...) + + FORMATBUFLEN is the length of the buffer in which the floats, ints, & + chars are formatted. XXX This is a magic number. Each formatting + routine does bounds checking to ensure no overflow, but a better + solution may be to malloc a buffer of appropriate size for each + format. For now, the current solution is sufficient. + */ + #define FORMATBUFLEN (size_t)120 + PyObject *PyUnicode_Format(PyObject *format, PyObject *args) *************** *** 4506,4513 **** PyObject *v = NULL; PyObject *temp = NULL; ! Py_UNICODE *buf; Py_UNICODE sign; int len; ! Py_UNICODE tmpbuf[120]; /* For format{float,int,char}() */
fmt++; --- 4541,4548 ---- PyObject *v = NULL; PyObject *temp = NULL; ! Py_UNICODE *pbuf; Py_UNICODE sign; int len; ! Py_UNICODE formatbuf[FORMATBUFLEN]; /* For format{float,int,char}() */
fmt++; *************** *** 4659,4664 ****
case '%': ! buf = tmpbuf; ! buf[0] = '%'; len = 1; break; --- 4694,4700 ----
case '%': ! pbuf = formatbuf; ! /* presume that buffer length is at least 1 */ ! pbuf[0] = '%'; len = 1; break; *************** *** 4696,4700 **** goto onError; } ! buf = PyUnicode_AS_UNICODE(temp); len = PyUnicode_GET_SIZE(temp); if (prec >= 0 && len > prec) --- 4732,4736 ---- goto onError; } ! pbuf = PyUnicode_AS_UNICODE(temp); len = PyUnicode_GET_SIZE(temp); if (prec >= 0 && len > prec) *************** *** 4710,4715 **** if (c == 'i') c = 'd'; ! buf = tmpbuf; ! len = formatint(buf, flags, prec, c, v); if (len < 0) goto onError; --- 4746,4752 ---- if (c == 'i') c = 'd'; ! pbuf = formatbuf; ! len = formatint(pbuf, sizeof(formatbuf)/sizeof(Py_UNICODE), ! flags, prec, c, v); if (len < 0) goto onError; *************** *** 4719,4725 **** if ((flags&F_ALT) && (c == 'x' || c == 'X') && ! buf[0] == '0' && buf[1] == c) { ! *res++ = *buf++; ! *res++ = *buf++; rescnt -= 2; len -= 2; --- 4756,4762 ---- if ((flags&F_ALT) && (c == 'x' || c == 'X') && ! pbuf[0] == '0' && pbuf[1] == c) { ! *res++ = *pbuf++; ! *res++ = *pbuf++; rescnt -= 2; len -= 2; *************** *** 4736,4741 **** case 'g': case 'G': ! buf = tmpbuf; ! len = formatfloat(buf, flags, prec, c, v); if (len < 0) goto onError; --- 4773,4779 ---- case 'g': case 'G': ! pbuf = formatbuf; ! len = formatfloat(pbuf, sizeof(formatbuf)/sizeof(Py_UNICODE), ! flags, prec, c, v); if (len < 0) goto onError; *************** *** 4746,4751 ****
case 'c': ! buf = tmpbuf; ! len = formatchar(buf, v); if (len < 0) goto onError; --- 4784,4789 ----
case 'c': ! pbuf = formatbuf; ! len = formatchar(pbuf, sizeof(formatbuf)/sizeof(Py_UNICODE), v); if (len < 0) goto onError; *************** *** 4759,4764 **** } if (sign) { ! if (*buf == '-' || *buf == '+') { ! sign = *buf++; len--; } --- 4797,4802 ---- } if (sign) { ! if (*pbuf == '-' || *pbuf == '+') { ! sign = *pbuf++; len--; } *************** *** 4796,4800 **** if (sign && fill == ' ') *res++ = sign; ! memcpy(res, buf, len * sizeof(Py_UNICODE)); res += len; rescnt -= len; --- 4834,4838 ---- if (sign && fill == ' ') *res++ = sign; ! memcpy(res, pbuf, len * sizeof(Py_UNICODE)); res += len; rescnt -= len;
-- Sjoerd Mullender <sjoerd.mullender@oratrix.com>
Why was the change that occurred in revision 2.31 reverted? Accident?
The change log said: Jack Jansen: Use include "" instead of <>; and staticforward declarations
Accident... I'll revert that change. -- Marc-Andre Lemburg ______________________________________________________________________ Business: http://www.lemburg.com/ Python Pages: http://www.lemburg.com/python/
On Fri, Jun 30, 2000 at 04:53:31PM +0200, M.-A. Lemburg wrote:
Why was the change that occurred in revision 2.31 reverted? Accident?
The change log said: Jack Jansen: Use include "" instead of <>; and staticforward declarations
Accident... I'll revert that change.
This is symptomatic of people not being careful with their CVS usage. *ALWAYS* do a "cvs update" before any commits. If the file has changed while you're working on it, CVS will merge the changes in with yours. You will be notified if there were any conflicts. But this is a MUST. We've seen this reversal of changes twice now. Only through the careful eye of some -checkins watchers has that fact turned up. If those people weren't watching, we'd be lost. If you're going to commit changes to Python, then please take the responsibility to use CVS correctly. Thanks! -g -- Greg Stein, http://www.lyra.org/
Greg Stein wrote:
On Fri, Jun 30, 2000 at 04:53:31PM +0200, M.-A. Lemburg wrote:
Why was the change that occurred in revision 2.31 reverted? Accident?
The change log said: Jack Jansen: Use include "" instead of <>; and staticforward declarations
Accident... I'll revert that change.
This is symptomatic of people not being careful with their CVS usage.
*ALWAYS* do a "cvs update" before any commits. If the file has changed while you're working on it, CVS will merge the changes in with yours. You will be notified if there were any conflicts.
But this is a MUST. We've seen this reversal of changes twice now. Only through the careful eye of some -checkins watchers has that fact turned up. If those people weren't watching, we'd be lost.
If you're going to commit changes to Python, then please take the responsibility to use CVS correctly.
Hey, Greg, stay cool :-) The accident happened because I had to modify Trent's patch to make it apply correctly and I forgot to update the *copy* of the CVS tree in which I edited the changes. I always do a cvs update to my local CVS version before the checkins, in fact, the small script I posted to this list does the checking for me and won't accept the checkins if the local version is out of sync. -- Marc-Andre Lemburg ______________________________________________________________________ Business: http://www.lemburg.com/ Python Pages: http://www.lemburg.com/python/
participants (3)
-
Greg Stein
-
M.-A. Lemburg
-
Sjoerd Mullender