[Python-checkins] r70665 - in python/branches/release30-maint: Misc/NEWS Modules/_fileio.c

antoine.pitrou python-checkins at python.org
Sun Mar 29 01:57:21 CET 2009 

Author: antoine.pitrou
Date: Sun Mar 29 01:57:20 2009
New Revision: 70665

Log:
Merged revisions 70664 via svnmerge from 
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r70664 | antoine.pitrou | 2009-03-29 01:45:26 +0100 (dim., 29 mars 2009) | 6 lines
  
  Issue #1174606: Calling read() without arguments of an unbounded file
  (typically /dev/zero under Unix) could crash the interpreter.
  
  No test as there always seems to be a risk of putting the machine on its knees.
........


Modified:
   python/branches/release30-maint/   (props changed)
   python/branches/release30-maint/Misc/NEWS
   python/branches/release30-maint/Modules/_fileio.c

Modified: python/branches/release30-maint/Misc/NEWS
==============================================================================
--- python/branches/release30-maint/Misc/NEWS	(original)
+++ python/branches/release30-maint/Misc/NEWS	Sun Mar 29 01:57:20 2009
@@ -26,6 +26,9 @@
 Library
 -------
 
+- Issue #1174606: Calling read() without arguments of an unbounded file
+  (typically /dev/zero under Unix) could crash the interpreter.
+
 - Issue #5068: Fixed the tarfile._BZ2Proxy.read() method that would loop
   forever on incomplete input. That caused tarfile.open() to hang when used
   with mode 'r' or 'r:bz2' and a fileobj argument that contained no data or

Modified: python/branches/release30-maint/Modules/_fileio.c
==============================================================================
--- python/branches/release30-maint/Modules/_fileio.c	(original)
+++ python/branches/release30-maint/Modules/_fileio.c	Sun Mar 29 01:57:20 2009
@@ -451,7 +451,7 @@
 		return NULL;
 
 	while (1) {
-		Py_ssize_t newsize = (total < SMALLCHUNK) ? SMALLCHUNK : total;
+		size_t newsize = (total < SMALLCHUNK) ? SMALLCHUNK : total;
 
 		/* Keep doubling until we reach BIGCHUNK;
 		   then keep adding BIGCHUNK. */
@@ -459,9 +459,14 @@
 			newsize += newsize;
 		}
 		else {
-			/* NOTE: overflow impossible due to limits on BUFSIZ */
 			newsize += BIGCHUNK;
 		}
+		if (newsize > PY_SSIZE_T_MAX || newsize <= 0) {
+			PyErr_SetString(PyExc_OverflowError,
+				"unbounded read returned more bytes "
+				"than a Python string can hold ");
+			return NULL;
+		}
 
 		if (PyBytes_GET_SIZE(result) < newsize) {
 			if (_PyBytes_Resize(&result, newsize) < 0) {

More information about the Python-checkins mailing list