Issue #23446: Use PyMem_New instead of PyMem_Malloc to avoid possible integer
overflows. Added few missed PyErr_NoMemory().
diff --git a/Modules/_ctypes/_ctypes.c b/Modules/_ctypes/_ctypes.c
index 39e1ce4..555600d 100644
--- a/Modules/_ctypes/_ctypes.c
+++ b/Modules/_ctypes/_ctypes.c
@@ -4469,8 +4469,11 @@
slicelen);
}
- dest = (wchar_t *)PyMem_Malloc(
- slicelen * sizeof(wchar_t));
+ dest = PyMem_New(wchar_t, slicelen);
+ if (dest == NULL) {
+ PyErr_NoMemory();
+ return NULL;
+ }
for (cur = start, i = 0; i < slicelen;
cur += step, i++) {
@@ -5250,7 +5253,7 @@
return PyUnicode_FromWideChar(ptr + start,
len);
}
- dest = (wchar_t *)PyMem_Malloc(len * sizeof(wchar_t));
+ dest = PyMem_New(wchar_t, len);
if (dest == NULL)
return PyErr_NoMemory();
for (cur = start, i = 0; i < len; cur += step, i++) {
diff --git a/Modules/_ctypes/stgdict.c b/Modules/_ctypes/stgdict.c
index 95fa0f5..17b9760 100644
--- a/Modules/_ctypes/stgdict.c
+++ b/Modules/_ctypes/stgdict.c
@@ -80,14 +80,18 @@
if (src->format) {
dst->format = PyMem_Malloc(strlen(src->format) + 1);
- if (dst->format == NULL)
+ if (dst->format == NULL) {
+ PyErr_NoMemory();
return -1;
+ }
strcpy(dst->format, src->format);
}
if (src->shape) {
dst->shape = PyMem_Malloc(sizeof(Py_ssize_t) * src->ndim);
- if (dst->shape == NULL)
+ if (dst->shape == NULL) {
+ PyErr_NoMemory();
return -1;
+ }
memcpy(dst->shape, src->shape,
sizeof(Py_ssize_t) * src->ndim);
}
@@ -388,7 +392,7 @@
union_size = 0;
total_align = align ? align : 1;
stgdict->ffi_type_pointer.type = FFI_TYPE_STRUCT;
- stgdict->ffi_type_pointer.elements = PyMem_Malloc(sizeof(ffi_type *) * (basedict->length + len + 1));
+ stgdict->ffi_type_pointer.elements = PyMem_New(ffi_type *, basedict->length + len + 1);
if (stgdict->ffi_type_pointer.elements == NULL) {
PyErr_NoMemory();
return -1;
@@ -406,7 +410,7 @@
union_size = 0;
total_align = 1;
stgdict->ffi_type_pointer.type = FFI_TYPE_STRUCT;
- stgdict->ffi_type_pointer.elements = PyMem_Malloc(sizeof(ffi_type *) * (len + 1));
+ stgdict->ffi_type_pointer.elements = PyMem_New(ffi_type *, len + 1);
if (stgdict->ffi_type_pointer.elements == NULL) {
PyErr_NoMemory();
return -1;
diff --git a/Modules/_localemodule.c b/Modules/_localemodule.c
index 253a4dc..fe7b098 100644
--- a/Modules/_localemodule.c
+++ b/Modules/_localemodule.c
@@ -314,7 +314,7 @@
}
/* Convert the unicode strings to wchar[]. */
len1 = PyUnicode_GET_SIZE(os1) + 1;
- ws1 = PyMem_MALLOC(len1 * sizeof(wchar_t));
+ ws1 = PyMem_NEW(wchar_t, len1);
if (!ws1) {
PyErr_NoMemory();
goto done;
@@ -323,7 +323,7 @@
goto done;
ws1[len1 - 1] = 0;
len2 = PyUnicode_GET_SIZE(os2) + 1;
- ws2 = PyMem_MALLOC(len2 * sizeof(wchar_t));
+ ws2 = PyMem_NEW(wchar_t, len2);
if (!ws2) {
PyErr_NoMemory();
goto done;
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 9dc0859..e0d888e 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -3891,10 +3891,11 @@
if (_ssl_locks == NULL) {
_ssl_locks_count = CRYPTO_num_locks();
- _ssl_locks = (PyThread_type_lock *)
- PyMem_Malloc(sizeof(PyThread_type_lock) * _ssl_locks_count);
- if (_ssl_locks == NULL)
+ _ssl_locks = PyMem_New(PyThread_type_lock, _ssl_locks_count);
+ if (_ssl_locks == NULL) {
+ PyErr_NoMemory();
return 0;
+ }
memset(_ssl_locks, 0,
sizeof(PyThread_type_lock) * _ssl_locks_count);
for (i = 0; i < _ssl_locks_count; i++) {
diff --git a/Python/peephole.c b/Python/peephole.c
index fb6cd03..e3bc004 100644
--- a/Python/peephole.c
+++ b/Python/peephole.c
@@ -242,7 +242,7 @@
static unsigned int *
markblocks(unsigned char *code, Py_ssize_t len)
{
- unsigned int *blocks = (unsigned int *)PyMem_Malloc(len*sizeof(int));
+ unsigned int *blocks = PyMem_New(unsigned int, len);
int i,j, opcode, blockcnt = 0;
if (blocks == NULL) {
@@ -343,9 +343,11 @@
goto exitUnchanged;
/* Mapping to new jump targets after NOPs are removed */
- addrmap = (int *)PyMem_Malloc(codelen * sizeof(int));
- if (addrmap == NULL)
+ addrmap = PyMem_New(int, codelen);
+ if (addrmap == NULL) {
+ PyErr_NoMemory();
goto exitError;
+ }
blocks = markblocks(codestr, codelen);
if (blocks == NULL)