commit faa54a392951468090f0095ffa927b16fcb20ca4
author Neal Norwitz <nnorwitz@gmail.com> Sun Aug 19 04:23:20 2007 +0000
committer Neal Norwitz <nnorwitz@gmail.com> Sun Aug 19 04:23:20 2007 +0000
tree a8586a5cc833217e6b1eaf4d052313475534178a
parent 1836358c016cd7f5117f4f34fa3a27c5701e8265

Code review of the new buffer protocol.  Mostly add questions that should
be answered with the comments removed.

There are many places that require checks when doing arithmetic for memory
sizes when allocating memory.  Otherwise, overflow is possible with
a subsequent crash.

Fix SF #1777057 which was a result of not initializing the new BufferError
properly.  Had to update the test for exceptions for BufferError too.

Objects/bufferobject.c

diff --git a/Objects/bufferobject.c b/Objects/bufferobject.c
index a8bbd15..ccd4980 100644
--- a/Objects/bufferobject.c
+++ b/Objects/bufferobject.c
@@ -64,7 +64,7 @@
                         (*bp->bf_releasebuffer)(self->b_base, view);
                 }
         }
-        return;
+	/* XXX(nnorwitz): do we need to release view here?  it leaks. */
 }
 
 static PyObject *
@@ -401,6 +401,7 @@
                 return NULL;
         }
 
+	/* XXX(nnorwitz): need to check for overflow! */
  	ob = PyBytes_FromStringAndSize(NULL, view.len+view2.len);
 	if ( ob == NULL ) {
                 PyObject_ReleaseBuffer((PyObject *)self, &view);
@@ -427,6 +428,7 @@
 		count = 0;
 	if (!get_buf(self, &view, PyBUF_SIMPLE))
 		return NULL;
+	/* XXX(nnorwitz): need to check for overflow! */
 	ob = PyBytes_FromStringAndSize(NULL, view.len * count);
 	if ( ob == NULL )
 		return NULL;
@@ -474,6 +476,7 @@
 		right = view.len;
 	if ( right < left )
 		right = left;
+	/* XXX(nnorwitz): is it possible to access unitialized memory? */
 	ob = PyBytes_FromStringAndSize((char *)view.buf + left,
                                        right - left);
         PyObject_ReleaseBuffer((PyObject *)self, &view);