[Python-checkins] python/dist/src/Objects fileobject.c,2.141.6.4,2.141.6.5 stringobject.c,2.147.6.3,2.147.6.4 unicodeobject.c,2.124.6.8,2.124.6.9
anthonybaxter@sourceforge.net
anthonybaxter@sourceforge.net
Mon, 29 Apr 2002 20:41:56 -0700
Update of /cvsroot/python/python/dist/src/Objects
In directory usw-pr-cvs1:/tmp/cvs-serv6207/Objects
Modified Files:
Tag: release22-maint
fileobject.c stringobject.c unicodeobject.c
Log Message:
backport tim_one's patch:
Repair widespread misuse of _PyString_Resize. Since it's clear people
don't understand how this function works, also beefed up the docs. The
most common usage error is of this form (often spread out across gotos):
if (_PyString_Resize(&s, n) < 0) {
Py_DECREF(s);
s = NULL;
goto outtahere;
}
The error is that if _PyString_Resize runs out of memory, it automatically
decrefs the input string object s (which also deallocates it, since its
refcount must be 1 upon entry), and sets s to NULL. So if the "if"
branch ever triggers, it's an error to call Py_DECREF(s): s is already
NULL! A correct way to write the above is the simpler (and intended)
if (_PyString_Resize(&s, n) < 0)
goto outtahere;
Bugfix candidate.
Original patch(es):
python/dist/src/Objects/fileobject.c:2.161
python/dist/src/Objects/stringobject.c:2.161
python/dist/src/Objects/unicodeobject.c:2.147
Index: fileobject.c
===================================================================
RCS file: /cvsroot/python/python/dist/src/Objects/fileobject.c,v
retrieving revision 2.141.6.4
retrieving revision 2.141.6.5
diff -C2 -d -r2.141.6.4 -r2.141.6.5
*** fileobject.c 8 Apr 2002 04:19:50 -0000 2.141.6.4
--- fileobject.c 30 Apr 2002 03:41:53 -0000 2.141.6.5
***************
*** 1167,1173 ****
}
cleanup:
! if (big_buffer) {
! Py_DECREF(big_buffer);
! }
return list;
}
--- 1167,1171 ----
}
cleanup:
! Py_XDECREF(big_buffer);
return list;
}
Index: stringobject.c
===================================================================
RCS file: /cvsroot/python/python/dist/src/Objects/stringobject.c,v
retrieving revision 2.147.6.3
retrieving revision 2.147.6.4
diff -C2 -d -r2.147.6.3 -r2.147.6.4
*** stringobject.c 22 Apr 2002 18:42:44 -0000 2.147.6.3
--- stringobject.c 30 Apr 2002 03:41:53 -0000 2.147.6.4
***************
*** 1902,1907 ****
}
/* Fix the size of the resulting string */
! if (inlen > 0 &&_PyString_Resize(&result, output-output_start))
! return NULL;
return result;
}
--- 1902,1907 ----
}
/* Fix the size of the resulting string */
! if (inlen > 0)
! _PyString_Resize(&result, output - output_start);
return result;
}
***************
*** 2964,2968 ****
as creating a new string object and destroying the old one, only
more efficiently. In any case, don't use this if the string may
! already be known to some other part of the code... */
int
--- 2964,2975 ----
as creating a new string object and destroying the old one, only
more efficiently. In any case, don't use this if the string may
! already be known to some other part of the code...
! Note that if there's not enough memory to resize the string, the original
! string object at *pv is deallocated, *pv is set to NULL, an "out of
! memory" exception is set, and -1 is returned. Else (on success) 0 is
! returned, and the value in *pv may or may not be the same as on input.
! As always, an extra byte is allocated for a trailing \0 byte (newsize
! does *not* include that), and a trailing \0 byte is stored.
! */
int
Index: unicodeobject.c
===================================================================
RCS file: /cvsroot/python/python/dist/src/Objects/unicodeobject.c,v
retrieving revision 2.124.6.8
retrieving revision 2.124.6.9
diff -C2 -d -r2.124.6.8 -r2.124.6.9
*** unicodeobject.c 22 Apr 2002 18:42:45 -0000 2.124.6.8
--- unicodeobject.c 30 Apr 2002 03:41:53 -0000 2.124.6.9
***************
*** 928,935 ****
}
! if (_PyString_Resize(&v, out - start)) {
! Py_DECREF(v);
! return NULL;
! }
return v;
}
--- 928,932 ----
}
! _PyString_Resize(&v, out - start);
return v;
}
***************
*** 1779,1783 ****
if (offset + 12 > PyString_GET_SIZE(repr)) {
if (_PyString_Resize(&repr, PyString_GET_SIZE(repr) + 100))
! goto onError;
p = PyString_AS_STRING(repr) + offset;
}
--- 1776,1780 ----
if (offset + 12 > PyString_GET_SIZE(repr)) {
if (_PyString_Resize(&repr, PyString_GET_SIZE(repr) + 100))
! return NULL;
p = PyString_AS_STRING(repr) + offset;
}
***************
*** 1862,1873 ****
*p = '\0';
! if (_PyString_Resize(&repr, p - PyString_AS_STRING(repr)))
! goto onError;
!
return repr;
-
- onError:
- Py_DECREF(repr);
- return NULL;
}
--- 1859,1864 ----
*p = '\0';
! _PyString_Resize(&repr, p - PyString_AS_STRING(repr));
return repr;
}
***************
*** 2000,2011 ****
}
*p = '\0';
! if (_PyString_Resize(&repr, p - q))
! goto onError;
!
return repr;
-
- onError:
- Py_DECREF(repr);
- return NULL;
}
--- 1991,1996 ----
}
*p = '\0';
! _PyString_Resize(&repr, p - q);
return repr;
}
***************
*** 2107,2112 ****
/* Resize if error handling skipped some characters */
if (s - start < PyString_GET_SIZE(repr))
! if (_PyString_Resize(&repr, s - start))
! goto onError;
return repr;
--- 2092,2096 ----
/* Resize if error handling skipped some characters */
if (s - start < PyString_GET_SIZE(repr))
! _PyString_Resize(&repr, s - start);
return repr;
***************
*** 2255,2260 ****
/* Resize if error handling skipped some characters */
if (s - start < PyString_GET_SIZE(repr))
! if (_PyString_Resize(&repr, s - start))
! goto onError;
return repr;
--- 2239,2243 ----
/* Resize if error handling skipped some characters */
if (s - start < PyString_GET_SIZE(repr))
! _PyString_Resize(&repr, s - start);
return repr;
***************
*** 2603,2612 ****
}
if (s - PyString_AS_STRING(v) < PyString_GET_SIZE(v))
! if (_PyString_Resize(&v, (int)(s - PyString_AS_STRING(v))))
! goto onError;
return v;
onError:
! Py_DECREF(v);
return NULL;
}
--- 2586,2594 ----
}
if (s - PyString_AS_STRING(v) < PyString_GET_SIZE(v))
! _PyString_Resize(&v, (int)(s - PyString_AS_STRING(v)));
return v;
onError:
! Py_XDECREF(v);
return NULL;
}