Merged revisions 77573 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk
........
r77573 | antoine.pitrou | 2010-01-17 13:26:20 +0100 (dim., 17 janv. 2010) | 6 lines
Issue #7561: Operations on empty bytearrays (such as `int(bytearray())`)
could crash in many places because of the PyByteArray_AS_STRING() macro
returning NULL. The macro now returns a statically allocated empty
string instead.
........
diff --git a/Include/bytearrayobject.h b/Include/bytearrayobject.h
index 265b4bb..8702e5a 100644
--- a/Include/bytearrayobject.h
+++ b/Include/bytearrayobject.h
@@ -44,9 +44,13 @@
PyAPI_FUNC(int) PyByteArray_Resize(PyObject *, Py_ssize_t);
/* Macros, trading safety for speed */
-#define PyByteArray_AS_STRING(self) (assert(PyByteArray_Check(self)),((PyByteArrayObject *)(self))->ob_bytes)
+#define PyByteArray_AS_STRING(self) \
+ (assert(PyByteArray_Check(self)), \
+ Py_SIZE(self) ? ((PyByteArrayObject *)(self))->ob_bytes : _PyByteArray_empty_string)
#define PyByteArray_GET_SIZE(self) (assert(PyByteArray_Check(self)),Py_SIZE(self))
+extern char _PyByteArray_empty_string[];
+
#ifdef __cplusplus
}
#endif
diff --git a/Lib/test/test_bytes.py b/Lib/test/test_bytes.py
index 48b0258..f8f36de 100644
--- a/Lib/test/test_bytes.py
+++ b/Lib/test/test_bytes.py
@@ -787,6 +787,13 @@
self.assertRaises(BufferError, delslice)
self.assertEquals(b, orig)
+ def test_empty_bytearray(self):
+ # Issue #7561: operations on empty bytearrays could crash in many
+ # situations, due to a fragile implementation of the
+ # PyByteArray_AS_STRING() C macro.
+ self.assertRaises(ValueError, int, bytearray(b''))
+
+
class AssortedBytesTest(unittest.TestCase):
#
# Test various combinations of bytes and bytearray
diff --git a/Misc/NEWS b/Misc/NEWS
index 07e2173..9d43874 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -12,6 +12,11 @@
Core and Builtins
-----------------
+- Issue #7561: Operations on empty bytearrays (such as `int(bytearray())`)
+ could crash in many places because of the PyByteArray_AS_STRING() macro
+ returning NULL. The macro now returns a statically allocated empty
+ string instead.
+
- Issue #7604: Deleting an unset slotted attribute did not raise an
AttributeError.
diff --git a/Objects/bytearrayobject.c b/Objects/bytearrayobject.c
index 8aa2928..c4a25c0 100644
--- a/Objects/bytearrayobject.c
+++ b/Objects/bytearrayobject.c
@@ -6,6 +6,7 @@
#include "bytes_methods.h"
static PyByteArrayObject *nullbytes = NULL;
+char _PyByteArray_empty_string[] = "";
void
PyByteArray_Fini(void)
@@ -74,7 +75,7 @@
"accessing non-existent bytes segment");
return -1;
}
- *ptr = (void *)self->ob_bytes;
+ *ptr = (void *)PyByteArray_AS_STRING(self);
return Py_SIZE(self);
}
@@ -86,7 +87,7 @@
"accessing non-existent bytes segment");
return -1;
}
- *ptr = (void *)self->ob_bytes;
+ *ptr = (void *)PyByteArray_AS_STRING(self);
return Py_SIZE(self);
}
@@ -106,7 +107,7 @@
"accessing non-existent bytes segment");
return -1;
}
- *ptr = self->ob_bytes;
+ *ptr = PyByteArray_AS_STRING(self);
return Py_SIZE(self);
}
@@ -119,10 +120,7 @@
obj->ob_exports++;
return 0;
}
- if (obj->ob_bytes == NULL)
- ptr = "";
- else
- ptr = obj->ob_bytes;
+ ptr = (void *) PyByteArray_AS_STRING(obj);
ret = PyBuffer_FillInfo(view, (PyObject*)obj, ptr, Py_SIZE(obj), 0, flags);
if (ret >= 0) {
obj->ob_exports++;
@@ -201,7 +199,7 @@
Py_DECREF(new);
return PyErr_NoMemory();
}
- if (bytes != NULL)
+ if (bytes != NULL && size > 0)
memcpy(new->ob_bytes, bytes, size);
new->ob_bytes[size] = '\0'; /* Trailing null byte */
}