Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cpython2 / 6eec87810fcf75249cb1060424f69ef5859e3fb1^! / .
commit6eec87810fcf75249cb1060424f69ef5859e3fb1[log] [tgz]
authorMartin Panter <vadmium+py@gmail.com>Wed Sep 07 11:04:41 2016 +0000
committerMartin Panter <vadmium+py@gmail.com>Wed Sep 07 11:04:41 2016 +0000
treea22e65c1c04d94dcc3de2f46c7dd4f26701182f4
parent68b1f708bd27eb0551c26ae3dfcece71c12d2259 [diff]
Issue #27570: Avoid zero-length memcpy() calls with null source pointers

diff --git a/Lib/test/test_array.py b/Lib/test/test_array.py
index 9f5c09d..0e6f515 100644
--- a/Lib/test/test_array.py
+++ b/Lib/test/test_array.py

@@ -22,9 +22,9 @@
 if test_support.have_unicode:
     typecodes += "u"
 
-class BadConstructorTest(unittest.TestCase):
+class MiscTest(unittest.TestCase):
 
-    def test_constructor(self):
+    def test_bad_constructor(self):
         self.assertRaises(TypeError, array.array)
         self.assertRaises(TypeError, array.array, spam=42)
         self.assertRaises(TypeError, array.array, 'xx')
@@ -40,7 +40,17 @@
         self.assertRaises(ValueError, array.array, u'x')
         self.assertRaises(ValueError, array.array, u'\x80')
 
-tests.append(BadConstructorTest)
+    def test_empty(self):
+        # Exercise code for handling zero-length arrays
+        a = array.array('B')
+        a[:] = a
+        self.assertEqual(len(a), 0)
+        self.assertEqual(len(a + a), 0)
+        self.assertEqual(len(a * 3), 0)
+        a += a
+        self.assertEqual(len(a), 0)
+
+tests.append(MiscTest)
 
 class BaseTest(unittest.TestCase):
     # Required class attributes (provided by subclasses

diff --git a/Misc/NEWS b/Misc/NEWS
index fca7436..cc57065 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS

@@ -40,6 +40,9 @@
 Library
 -------
 
+- Issue #27570: Avoid zero-length memcpy() etc calls with null source
+  pointers in the "ctypes" and "array" modules.
+
 - lib2to3.pgen3.driver.load_grammar() now creates a stable cache file
   between runs given the same Grammar.txt input regardless of the hash
   randomization setting.

diff --git a/Modules/_ctypes/_ctypes.c b/Modules/_ctypes/_ctypes.c
index 421cdcc..a1c0be8 100644
--- a/Modules/_ctypes/_ctypes.c
+++ b/Modules/_ctypes/_ctypes.c

@@ -1426,8 +1426,10 @@
         return NULL;
     }
     stgdict->shape[0] = length;
-    memmove(&stgdict->shape[1], itemdict->shape,
-        sizeof(Py_ssize_t) * (stgdict->ndim - 1));
+    if (stgdict->ndim > 1) {
+        memmove(&stgdict->shape[1], itemdict->shape,
+            sizeof(Py_ssize_t) * (stgdict->ndim - 1));
+    }
 
     itemsize = itemdict->size;
     if (length * itemsize < 0) {

diff --git a/Modules/_ctypes/stgdict.c b/Modules/_ctypes/stgdict.c
index 31528af..90ce3e5 100644
--- a/Modules/_ctypes/stgdict.c
+++ b/Modules/_ctypes/stgdict.c

@@ -395,9 +395,11 @@
         }
         memset(stgdict->ffi_type_pointer.elements, 0,
                sizeof(ffi_type *) * (basedict->length + len + 1));
-        memcpy(stgdict->ffi_type_pointer.elements,
-               basedict->ffi_type_pointer.elements,
-               sizeof(ffi_type *) * (basedict->length));
+        if (basedict->length > 0) {
+            memcpy(stgdict->ffi_type_pointer.elements,
+                   basedict->ffi_type_pointer.elements,
+                   sizeof(ffi_type *) * (basedict->length));
+        }
         ffi_ofs = basedict->length;
     } else {
         offset = 0;

diff --git a/Modules/arraymodule.c b/Modules/arraymodule.c
index fcdd46a..9819141 100644
--- a/Modules/arraymodule.c
+++ b/Modules/arraymodule.c

@@ -620,8 +620,10 @@
     np = (arrayobject *) newarrayobject(&Arraytype, ihigh - ilow, a->ob_descr);
     if (np == NULL)
         return NULL;
-    memcpy(np->ob_item, a->ob_item + ilow * a->ob_descr->itemsize,
-           (ihigh-ilow) * a->ob_descr->itemsize);
+    if (ihigh > ilow) {
+        memcpy(np->ob_item, a->ob_item + ilow * a->ob_descr->itemsize,
+               (ihigh-ilow) * a->ob_descr->itemsize);
+    }
     return (PyObject *)np;
 }
 
@@ -660,9 +662,13 @@
     if (np == NULL) {
         return NULL;
     }
-    memcpy(np->ob_item, a->ob_item, Py_SIZE(a)*a->ob_descr->itemsize);
-    memcpy(np->ob_item + Py_SIZE(a)*a->ob_descr->itemsize,
-           b->ob_item, Py_SIZE(b)*b->ob_descr->itemsize);
+    if (Py_SIZE(a) > 0) {
+        memcpy(np->ob_item, a->ob_item, Py_SIZE(a)*a->ob_descr->itemsize);
+    }
+    if (Py_SIZE(b) > 0) {
+        memcpy(np->ob_item + Py_SIZE(a)*a->ob_descr->itemsize,
+               b->ob_item, Py_SIZE(b)*b->ob_descr->itemsize);
+    }
     return (PyObject *)np;
 #undef b
 }
@@ -684,6 +690,8 @@
     np = (arrayobject *) newarrayobject(&Arraytype, size, a->ob_descr);
     if (np == NULL)
         return NULL;
+    if (size == 0)
+        return (PyObject *)np;
     p = np->ob_item;
     nbytes = Py_SIZE(a) * a->ob_descr->itemsize;
     for (i = 0; i < n; i++) {
@@ -838,8 +846,10 @@
         PyErr_NoMemory();
         return -1;
     }
-    memcpy(self->ob_item + Py_SIZE(self)*self->ob_descr->itemsize,
-           b->ob_item, Py_SIZE(b)*b->ob_descr->itemsize);
+    if (Py_SIZE(b) > 0) {
+        memcpy(self->ob_item + Py_SIZE(self)*self->ob_descr->itemsize,
+               b->ob_item, Py_SIZE(b)*b->ob_descr->itemsize);
+    }
     Py_SIZE(self) = size;
     self->allocated = size;