[Python-checkins] cpython (merge 3.3 -> 3.4): merge 3.3 (#23361)
benjamin.peterson
python-checkins at python.org
Tue Feb 10 03:00:20 CET 2015
https://hg.python.org/cpython/rev/b82cc9180a78
changeset: 94575:b82cc9180a78
branch: 3.4
parent: 94570:84a05605caeb
parent: 94574:ab2e79c6cf6b
user: Benjamin Peterson <benjamin at python.org>
date: Mon Feb 09 20:58:52 2015 -0500
summary:
merge 3.3 (#23361)
files:
Misc/NEWS | 1 +
Modules/_winapi.c | 14 ++++++++++++--
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -13,6 +13,7 @@
Library
-------
+- Issue #23361: Fix possible overflow in Windows subprocess creation code.
What's New in Python 3.4.3rc1?
==============================
diff --git a/Modules/_winapi.c b/Modules/_winapi.c
--- a/Modules/_winapi.c
+++ b/Modules/_winapi.c
@@ -535,13 +535,23 @@
"environment can only contain strings");
goto error;
}
+ if (totalsize > PY_SSIZE_T_MAX - PyUnicode_GET_LENGTH(key) - 1) {
+ PyErr_SetString(PyExc_OverflowError, "environment too long");
+ goto error;
+ }
totalsize += PyUnicode_GET_LENGTH(key) + 1; /* +1 for '=' */
+ if (totalsize > PY_SSIZE_T_MAX - PyUnicode_GET_LENGTH(value) - 1) {
+ PyErr_SetString(PyExc_OverflowError, "environment too long");
+ goto error;
+ }
totalsize += PyUnicode_GET_LENGTH(value) + 1; /* +1 for '\0' */
}
- buffer = PyMem_Malloc(totalsize * sizeof(Py_UCS4));
- if (! buffer)
+ buffer = PyMem_NEW(Py_UCS4, totalsize);
+ if (! buffer) {
+ PyErr_NoMemory();
goto error;
+ }
p = buffer;
end = buffer + totalsize;
--
Repository URL: https://hg.python.org/cpython
More information about the Python-checkins
mailing list