Issue #23446: Use PyMem_New instead of PyMem_Malloc to avoid possible integer

overflows. Added few missed PyErr_NoMemory().

Issue #23446: Use PyMem_New instead of PyMem_Malloc to avoid possible integer
overflows. Added few missed PyErr_NoMemory().
4c98008a · Serhiy Storchaka · 8427dec2 · 4c98008a · 4c98008a · 4c98008a
Commit 4c98008a authored Feb 16, 2015 by Serhiy Storchaka
5 changed files
--- a/Modules/_ctypes/_ctypes.c
+++ b/Modules/_ctypes/_ctypes.c
@@ -4469,8 +4469,11 @@ Array_subscript(PyObject *_self, PyObject *item)
                                              slicelen);
            }

-            dest = (wchar_t *)PyMem_Malloc(
-                                    slicelen * sizeof(wchar_t));
+            dest = PyMem_New(wchar_t, slicelen);
+            if (dest == NULL) {
+                PyErr_NoMemory();
+                return NULL;
+            }

            for (cur = start, i = 0; i < slicelen;
                 cur += step, i++) {
@@ -5250,7 +5253,7 @@ Pointer_subscript(PyObject *_self, PyObject *item)
                return PyUnicode_FromWideChar(ptr + start,
                                              len);
            }
-            dest = (wchar_t *)PyMem_Malloc(len * sizeof(wchar_t));
+            dest = PyMem_New(wchar_t, len);
            if (dest == NULL)
                return PyErr_NoMemory();
            for (cur = start, i = 0; i < len; cur += step, i++) {

--- a/Modules/_ctypes/stgdict.c
+++ b/Modules/_ctypes/stgdict.c
@@ -80,14 +80,18 @@ PyCStgDict_clone(StgDictObject *dst, StgDictObject *src)

    if (src->format) {
        dst->format = PyMem_Malloc(strlen(src->format) + 1);
-        if (dst->format == NULL)
+        if (dst->format == NULL) {
+            PyErr_NoMemory();
            return -1;
+        }
        strcpy(dst->format, src->format);
    }
    if (src->shape) {
        dst->shape = PyMem_Malloc(sizeof(Py_ssize_t) * src->ndim);
-        if (dst->shape == NULL)
+        if (dst->shape == NULL) {
+            PyErr_NoMemory();
            return -1;
+        }
        memcpy(dst->shape, src->shape,
               sizeof(Py_ssize_t) * src->ndim);
    }
@@ -388,7 +392,7 @@ PyCStructUnionType_update_stgdict(PyObject *type, PyObject *fields, int isStruct
        union_size = 0;
        total_align = align ? align : 1;
        stgdict->ffi_type_pointer.type = FFI_TYPE_STRUCT;
-        stgdict->ffi_type_pointer.elements = PyMem_Malloc(sizeof(ffi_type *) * (basedict->length + len + 1));
+        stgdict->ffi_type_pointer.elements = PyMem_New(ffi_type *, basedict->length + len + 1);
        if (stgdict->ffi_type_pointer.elements == NULL) {
            PyErr_NoMemory();
            return -1;
@@ -406,7 +410,7 @@ PyCStructUnionType_update_stgdict(PyObject *type, PyObject *fields, int isStruct
        union_size = 0;
        total_align = 1;
        stgdict->ffi_type_pointer.type = FFI_TYPE_STRUCT;
-        stgdict->ffi_type_pointer.elements = PyMem_Malloc(sizeof(ffi_type *) * (len + 1));
+        stgdict->ffi_type_pointer.elements = PyMem_New(ffi_type *, len + 1);
        if (stgdict->ffi_type_pointer.elements == NULL) {
            PyErr_NoMemory();
            return -1;

--- a/Modules/_localemodule.c
+++ b/Modules/_localemodule.c
@@ -314,7 +314,7 @@ PyLocale_strcoll(PyObject* self, PyObject* args)
    }
    /* Convert the unicode strings to wchar[]. */
    len1 = PyUnicode_GET_SIZE(os1) + 1;
-    ws1 = PyMem_MALLOC(len1 * sizeof(wchar_t));
+    ws1 = PyMem_NEW(wchar_t, len1);
    if (!ws1) {
        PyErr_NoMemory();
        goto done;
@@ -323,7 +323,7 @@ PyLocale_strcoll(PyObject* self, PyObject* args)
        goto done;
    ws1[len1 - 1] = 0;
    len2 = PyUnicode_GET_SIZE(os2) + 1;
-    ws2 = PyMem_MALLOC(len2 * sizeof(wchar_t));
+    ws2 = PyMem_NEW(wchar_t, len2);
    if (!ws2) {
        PyErr_NoMemory();
        goto done;

--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -3891,10 +3891,11 @@ static int _setup_ssl_threads(void) {

    if (_ssl_locks == NULL) {
        _ssl_locks_count = CRYPTO_num_locks();
-        _ssl_locks = (PyThread_type_lock *)
-            PyMem_Malloc(sizeof(PyThread_type_lock) * _ssl_locks_count);
-        if (_ssl_locks == NULL)
+        _ssl_locks = PyMem_New(PyThread_type_lock, _ssl_locks_count);
+        if (_ssl_locks == NULL) {
+            PyErr_NoMemory();
            return 0;
+        }
        memset(_ssl_locks, 0,
               sizeof(PyThread_type_lock) * _ssl_locks_count);
        for (i = 0;  i < _ssl_locks_count;  i++) {

--- a/Python/peephole.c
+++ b/Python/peephole.c
@@ -242,7 +242,7 @@ fold_unaryops_on_constants(unsigned char *codestr, PyObject *consts)
 static unsigned int *
 markblocks(unsigned char *code, Py_ssize_t len)
 {
-    unsigned int *blocks = (unsigned int *)PyMem_Malloc(len*sizeof(int));
+    unsigned int *blocks = PyMem_New(unsigned int, len);
    int i,j, opcode, blockcnt = 0;

    if (blocks == NULL) {
@@ -343,9 +343,11 @@ PyCode_Optimize(PyObject *code, PyObject* consts, PyObject *names,
        goto exitUnchanged;

    /* Mapping to new jump targets after NOPs are removed */
-    addrmap = (int *)PyMem_Malloc(codelen * sizeof(int));
-    if (addrmap == NULL)
+    addrmap = PyMem_New(int, codelen);
+    if (addrmap == NULL) {
+        PyErr_NoMemory();
        goto exitError;
+    }

    blocks = markblocks(codestr, codelen);
    if (blocks == NULL)