[Python-checkins] r70665 - in python/branches/release30-maint: Misc/NEWS Modules/_fileio.c
antoine.pitrou
python-checkins at python.org
Sun Mar 29 01:57:21 CET 2009
Author: antoine.pitrou
Date: Sun Mar 29 01:57:20 2009
New Revision: 70665
Log:
Merged revisions 70664 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r70664 | antoine.pitrou | 2009-03-29 01:45:26 +0100 (dim., 29 mars 2009) | 6 lines
Issue #1174606: Calling read() without arguments of an unbounded file
(typically /dev/zero under Unix) could crash the interpreter.
No test as there always seems to be a risk of putting the machine on its knees.
........
Modified:
python/branches/release30-maint/ (props changed)
python/branches/release30-maint/Misc/NEWS
python/branches/release30-maint/Modules/_fileio.c
Modified: python/branches/release30-maint/Misc/NEWS
==============================================================================
--- python/branches/release30-maint/Misc/NEWS (original)
+++ python/branches/release30-maint/Misc/NEWS Sun Mar 29 01:57:20 2009
@@ -26,6 +26,9 @@
Library
-------
+- Issue #1174606: Calling read() without arguments of an unbounded file
+ (typically /dev/zero under Unix) could crash the interpreter.
+
- Issue #5068: Fixed the tarfile._BZ2Proxy.read() method that would loop
forever on incomplete input. That caused tarfile.open() to hang when used
with mode 'r' or 'r:bz2' and a fileobj argument that contained no data or
Modified: python/branches/release30-maint/Modules/_fileio.c
==============================================================================
--- python/branches/release30-maint/Modules/_fileio.c (original)
+++ python/branches/release30-maint/Modules/_fileio.c Sun Mar 29 01:57:20 2009
@@ -451,7 +451,7 @@
return NULL;
while (1) {
- Py_ssize_t newsize = (total < SMALLCHUNK) ? SMALLCHUNK : total;
+ size_t newsize = (total < SMALLCHUNK) ? SMALLCHUNK : total;
/* Keep doubling until we reach BIGCHUNK;
then keep adding BIGCHUNK. */
@@ -459,9 +459,14 @@
newsize += newsize;
}
else {
- /* NOTE: overflow impossible due to limits on BUFSIZ */
newsize += BIGCHUNK;
}
+ if (newsize > PY_SSIZE_T_MAX || newsize <= 0) {
+ PyErr_SetString(PyExc_OverflowError,
+ "unbounded read returned more bytes "
+ "than a Python string can hold ");
+ return NULL;
+ }
if (PyBytes_GET_SIZE(result) < newsize) {
if (_PyBytes_Resize(&result, newsize) < 0) {
More information about the Python-checkins
mailing list