Backport r62261 from trunk:

Prevent PyString_FromStringAndSize() from passing negative sizes on to lower
level memory allocation functions.  Raise a SystemError and return NULL
instead.
diff --git a/Objects/stringobject.c b/Objects/stringobject.c
index e1e287f..7cd613d 100644
--- a/Objects/stringobject.c
+++ b/Objects/stringobject.c
@@ -54,6 +54,11 @@
 {
 	register PyStringObject *op;
 	assert(size >= 0);
+	if (size < 0) {
+		PyErr_SetString(PyExc_SystemError,
+		    "Negative size passed to PyString_FromStringAndSize");
+		return NULL;
+	}
 	if (size == 0 && (op = nullstring) != NULL) {
 #ifdef COUNT_ALLOCS
 		null_strings++;
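Review bot: The retained `assert(size >= 0);` sits directly above the new `if (size < 0)` check, so a build with assertions enabled still aborts on a negative size before the SystemError path runs; only builds with asserts compiled out get the new behaviour. Removing the assert, or moving it below the check, would make both build types return NULL with the exception set and would let the new path be exercised by a test. The check also covers only the lower bound: the allocation is outside this hunk, but if it adds an object header to `size`, a very large positive size could presumably overflow the same computation, so a matching guard against `PY_SSIZE_T_MAX` minus the header size is worth considering. The function body starts and ends outside the hunk.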