Repair widespread misuse of _PyString_Resize. Since it's clear people
don't understand how this function works, also beefed up the docs. The
most common usage error is of this form (often spread out across gotos):
if (_PyString_Resize(&s, n) < 0) {
Py_DECREF(s);
s = NULL;
goto outtahere;
}
The error is that if _PyString_Resize runs out of memory, it automatically
decrefs the input string object s (which also deallocates it, since its
refcount must be 1 upon entry), and sets s to NULL. So if the "if"
branch ever triggers, it's an error to call Py_DECREF(s): s is already
NULL! A correct way to write the above is the simpler (and intended)
if (_PyString_Resize(&s, n) < 0)
goto outtahere;
Bugfix candidate.
diff --git a/Modules/stropmodule.c b/Modules/stropmodule.c
index 0d5b75c..9a68b20 100644
--- a/Modules/stropmodule.c
+++ b/Modules/stropmodule.c
@@ -215,10 +215,8 @@
}
slen = PyString_GET_SIZE(item);
while (reslen + slen + seplen >= sz) {
- if (_PyString_Resize(&res, sz * 2)) {
- Py_DECREF(res);
+ if (_PyString_Resize(&res, sz * 2) < 0)
return NULL;
- }
sz *= 2;
p = PyString_AsString(res) + reslen;
}
@@ -231,10 +229,7 @@
p += slen;
reslen += slen;
}
- if (_PyString_Resize(&res, reslen)) {
- Py_DECREF(res);
- res = NULL;
- }
+ _PyString_Resize(&res, reslen);
return res;
}
@@ -257,8 +252,7 @@
}
slen = PyString_GET_SIZE(item);
while (reslen + slen + seplen >= sz) {
- if (_PyString_Resize(&res, sz * 2)) {
- Py_DECREF(res);
+ if (_PyString_Resize(&res, sz * 2) < 0) {
Py_DECREF(item);
return NULL;
}
@@ -275,10 +269,7 @@
reslen += slen;
Py_DECREF(item);
}
- if (_PyString_Resize(&res, reslen)) {
- Py_DECREF(res);
- res = NULL;
- }
+ _PyString_Resize(&res, reslen);
return res;
}
@@ -989,8 +980,8 @@
return input_obj;
}
/* Fix the size of the resulting string */
- if (inlen > 0 &&_PyString_Resize(&result, output-output_start))
- return NULL;
+ if (inlen > 0)
+ _PyString_Resize(&result, output - output_start);
return result;
}