After the recent discussion about Coverity, I took a look at one of the checkins made, apparently based on output from their tool.
http://svn.python.org/view/python/branches/release24-maint/Objects/object.c?&r1=43015&r2=43014&rev=43015&view=diff&diff_format=l
This change, a backport of a similar change made to HEAD, doesn't seem to fix the flaw: the PyUnicode_CheckExact() call is now guarded against a NULL return, but the subsequent PyUnicode_Check() and PyString_Check() calls don't seem to be.
I'm not 100% sure what's going on here, but it still looks a bit fishy. The API reference says that PyObject_AsUnicode may return NULL, so why doesn't the function just call PyErr_BadInternalCall() and return NULL?
Jeff
On 3/14/06, Jeff Epler
> After the recent discussion about Coverity, I took a look at one of the checkins made, apparently based on output from their tool.
> This change, a backport of a similar change made to HEAD, doesn't seem to fix the flaw: the PyUnicode_CheckExact() call is now guarded against a NULL return, but the subsequent PyUnicode_Check() and PyString_Check() calls don't seem to be.
Agreed. That change doesn't fix the real problem. I bet it'll still segfault for PyObject_Unicode(NULL). In fact, I and Neal talked about the problem and have a correct patch. But the patch looks a bit messy so we hated it. :-)
http://python.org/sf/1444030
> I'm not 100% sure what's going on here, but it still looks a bit fishy. The API reference says that PyObject_AsUnicode may return NULL, so why doesn't the function just call PyErr_BadInternalCall() and return NULL?
For consistency with PyObject_String(NULL), which returns a string "<NULL>".
Hye-Shik
On 3/13/06, Hye-Shik Chang
> On 3/14/06, Jeff Epler wrote:
> > After the recent discussion about Coverity, I took a look at one of the checkins made, apparently based on output from their tool.
> > This change, a backport of a similar change made to HEAD, doesn't seem to fix the flaw: the PyUnicode_CheckExact() call is now guarded against a NULL return, but the subsequent PyUnicode_Check() and PyString_Check() calls don't seem to be.
> Agreed. That change doesn't fix the real problem. I bet it'll still segfault for PyObject_Unicode(NULL).
> In fact, I and Neal talked about the problem and have a correct patch. But the patch looks a bit messy so we hated it. :-)
> http://python.org/sf/1444030
Right. I realized it would just be easier to inline the code, which is what I wound up doing. This problem should be addressed fully now.
n
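An added illustration, not code from this thread or from CPython: a simplified C model of the pattern discussed above, where only the first type check is guarded against NULL, next to a version that settles the NULL case before any check reads the pointer. The obj type, the IS_* macros and both function names are hypothetical stand-ins.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for CPython objects and type-check macros. */
enum kind { K_UNICODE, K_UNICODE_SUB, K_STRING, K_OTHER };
typedef struct { enum kind kind; const char *text; } obj;

/* Like the real macros, each of these reads through its argument. */
#define IS_UNICODE_EXACT(o) ((o)->kind == K_UNICODE)
#define IS_UNICODE(o) ((o)->kind == K_UNICODE || (o)->kind == K_UNICODE_SUB)
#define IS_STRING(o) ((o)->kind == K_STRING)

/* Partial guard: only the first check is protected. With v == NULL the
 * first branch is skipped and IS_UNICODE(v) dereferences NULL. */
const char *to_text_partial(const obj *v)
{
    if (v != NULL && IS_UNICODE_EXACT(v))
        return v->text;
    if (IS_UNICODE(v))   /* unguarded: crashes for NULL */
        return v->text;
    if (IS_STRING(v))    /* unguarded as well */
        return v->text;
    return "<other>";
}

/* Full guard: settle the NULL case once, before any check reads v. */
const char *to_text_guarded(const obj *v)
{
    if (v == NULL)
        return "<NULL>";   /* placeholder string named in the thread */
    if (IS_UNICODE_EXACT(v) || IS_UNICODE(v) || IS_STRING(v))
        return v->text;
    return "<other>";
}

int main(void)
{
    obj samples[] = {   /* constructed sample objects */
        { K_UNICODE, "exact" }, { K_UNICODE_SUB, "subclass" },
        { K_STRING, "bytes" }, { K_OTHER, "ignored" },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%s %s\n", to_text_partial(&samples[i]),
               to_text_guarded(&samples[i]));
    printf("%s\n", to_text_guarded(NULL));   /* partial would crash here */
    return 0;
}
```

The two functions agree on every non-NULL input, which is why a test suite that never passes NULL does not distinguish them.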
participants (3)
- Hye-Shik Chang
- Jeff Epler
- Neal Norwitz