Even though _Py_Mangle() isn't truly public anyone can call it and

there was no verification that privateobj was a PyString. If it wasn't a string, this could have allowed a NULL pointer to creep in below and crash. I wonder if this should be PyString_CheckExact? Must identifiers be strings or can they be subclasses? Klocwork #275

Even though _Py_Mangle() isn't truly public anyone can call it and
there was no verification that privateobj was a PyString. If it wasn't a string, this could have allowed a NULL pointer to creep in below and crash. I wonder if this should be PyString_CheckExact? Must identifiers be strings or can they be subclasses? Klocwork #275
84167d09 · Neal Norwitz · 6f5ff3f3 · 84167d09
Commit 84167d09 authored Aug 12, 2006 by Neal Norwitz
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

Python/compile.c Python/compile.c +2 -2

No files found.
--- a/Python/compile.c
+++ b/Python/compile.c
@@ -204,8 +204,8 @@ _Py_Mangle(PyObject *privateobj, PyObject *ident)
 	const char *p, *name = PyString_AsString(ident);
 	char *buffer;
 	size_t nlen, plen;
-	if (privateobj == NULL || name == NULL || name[0] != '_' ||
-            name[1] != '_') {
+	if (privateobj == NULL || !PyString_Check(privateobj) ||
+	    name == NULL || name[0] != '_' || name[1] != '_') {
 		Py_INCREF(ident);
 		return ident;
 	}