From faa54a392951468090f0095ffa927b16fcb20ca4 Mon Sep 17 00:00:00 2001 From: Neal Norwitz Date: Sun, 19 Aug 2007 04:23:20 +0000 Subject: Code review of the new buffer protocol. Mostly add questions that should be answered with the comments removed. There are many places that require checks when doing arithmetic for memory sizes when allocating memory. Otherwise, overflow is possible with a subsequent crash. Fix SF #1777057 which was a result of not initializing the new BufferError properly. Had to update the test for exceptions for BufferError too. --- Objects/bufferobject.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'Objects/bufferobject.c') diff --git a/Objects/bufferobject.c b/Objects/bufferobject.c index a8bbd151c8..ccd49805ce 100644 --- a/Objects/bufferobject.c +++ b/Objects/bufferobject.c @@ -64,7 +64,7 @@ buffer_releasebuf(PyBufferObject *self, PyBuffer *view) (*bp->bf_releasebuffer)(self->b_base, view); } } - return; + /* XXX(nnorwitz): do we need to release view here? it leaks. */ } static PyObject * @@ -401,6 +401,7 @@ buffer_concat(PyBufferObject *self, PyObject *other) return NULL; } + /* XXX(nnorwitz): need to check for overflow! */ ob = PyBytes_FromStringAndSize(NULL, view.len+view2.len); if ( ob == NULL ) { PyObject_ReleaseBuffer((PyObject *)self, &view); @@ -427,6 +428,7 @@ buffer_repeat(PyBufferObject *self, Py_ssize_t count) count = 0; if (!get_buf(self, &view, PyBUF_SIMPLE)) return NULL; + /* XXX(nnorwitz): need to check for overflow! */ ob = PyBytes_FromStringAndSize(NULL, view.len * count); if ( ob == NULL ) return NULL; @@ -474,6 +476,7 @@ buffer_slice(PyBufferObject *self, Py_ssize_t left, Py_ssize_t right) right = view.len; if ( right < left ) right = left; + /* XXX(nnorwitz): is it possible to access unitialized memory? */ ob = PyBytes_FromStringAndSize((char *)view.buf + left, right - left); PyObject_ReleaseBuffer((PyObject *)self, &view); -- cgit v1.2.1