Commit fc8d6f4b authored by Antoine Pitrou's avatar Antoine Pitrou

Merged revisions 77573 via svnmerge from

svn+ssh://pythondev@svn.python.org/python/trunk

........
  r77573 | antoine.pitrou | 2010-01-17 13:26:20 +0100 (dim., 17 janv. 2010) | 6 lines

  Issue #7561: Operations on empty bytearrays (such as `int(bytearray())`)
  could crash in many places because of the PyByteArray_AS_STRING() macro
  returning NULL.  The macro now returns a statically allocated empty
  string instead.
........
parent 1119a649
......@@ -44,9 +44,13 @@ PyAPI_FUNC(char *) PyByteArray_AsString(PyObject *);
PyAPI_FUNC(int) PyByteArray_Resize(PyObject *, Py_ssize_t);
/* Macros, trading safety for speed */
#define PyByteArray_AS_STRING(self) (assert(PyByteArray_Check(self)),((PyByteArrayObject *)(self))->ob_bytes)
#define PyByteArray_AS_STRING(self) \
(assert(PyByteArray_Check(self)), \
Py_SIZE(self) ? ((PyByteArrayObject *)(self))->ob_bytes : _PyByteArray_empty_string)
#define PyByteArray_GET_SIZE(self) (assert(PyByteArray_Check(self)),Py_SIZE(self))
extern char _PyByteArray_empty_string[];
#ifdef __cplusplus
}
#endif
......
......@@ -817,6 +817,14 @@ class ByteArrayTest(BaseBytesTest):
self.assertRaises(BufferError, delslice)
self.assertEquals(b, orig)
def test_empty_bytearray(self):
# Issue #7561: operations on empty bytearrays could crash in many
# situations, due to a fragile implementation of the
# PyByteArray_AS_STRING() C macro.
self.assertRaises(ValueError, int, bytearray(b''))
self.assertRaises((ValueError, OSError), os.mkdir, bytearray(b''))
class AssortedBytesTest(unittest.TestCase):
#
# Test various combinations of bytes and bytearray
......
......@@ -12,6 +12,11 @@ What's New in Python 3.2 Alpha 1?
Core and Builtins
-----------------
- Issue #7561: Operations on empty bytearrays (such as `int(bytearray())`)
could crash in many places because of the PyByteArray_AS_STRING() macro
returning NULL. The macro now returns a statically allocated empty
string instead.
- Issue #6690: Optimize the bytecode for expressions such as `x in {1, 2, 3}`,
where the right hand operand is a set of constants, by turning the set into
a frozenset and pre-building it as a constant. The comparison operation
......
......@@ -5,23 +5,16 @@
#include "structmember.h"
#include "bytes_methods.h"
static PyByteArrayObject *nullbytes = NULL;
char _PyByteArray_empty_string[] = "";
void
PyByteArray_Fini(void)
{
Py_CLEAR(nullbytes);
}
int
PyByteArray_Init(void)
{
nullbytes = PyObject_New(PyByteArrayObject, &PyByteArray_Type);
if (nullbytes == NULL)
return 0;
nullbytes->ob_bytes = NULL;
Py_SIZE(nullbytes) = nullbytes->ob_alloc = 0;
nullbytes->ob_exports = 0;
return 1;
}
......@@ -65,10 +58,7 @@ bytearray_getbuffer(PyByteArrayObject *obj, Py_buffer *view, int flags)
obj->ob_exports++;
return 0;
}
if (obj->ob_bytes == NULL)
ptr = "";
else
ptr = obj->ob_bytes;
ptr = (void *) PyByteArray_AS_STRING(obj);
ret = PyBuffer_FillInfo(view, (PyObject*)obj, ptr, Py_SIZE(obj), 0, flags);
if (ret >= 0) {
obj->ob_exports++;
......@@ -152,7 +142,7 @@ PyByteArray_FromStringAndSize(const char *bytes, Py_ssize_t size)
Py_DECREF(new);
return PyErr_NoMemory();
}
if (bytes != NULL)
if (bytes != NULL && size > 0)
memcpy(new->ob_bytes, bytes, size);
new->ob_bytes[size] = '\0'; /* Trailing null byte */
}
......@@ -1038,7 +1028,6 @@ bytearray_dealloc(PyByteArrayObject *self)
#define STRINGLIB_LEN PyByteArray_GET_SIZE
#define STRINGLIB_STR PyByteArray_AS_STRING
#define STRINGLIB_NEW PyByteArray_FromStringAndSize
#define STRINGLIB_EMPTY nullbytes
#define STRINGLIB_ISSPACE Py_ISSPACE
#define STRINGLIB_ISLINEBREAK(x) ((x == '\n') || (x == '\r'))
#define STRINGLIB_CHECK_EXACT PyByteArray_CheckExact
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment