Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cpython3 / 2fe9bac4dca34e86d44b7e169f3795fde4c841a1^! / . / Parser / myreadline.c
commit2fe9bac4dca34e86d44b7e169f3795fde4c841a1[log] [tgz]
authorVictor Stinner <victor.stinner@gmail.com>Thu Oct 10 16:18:20 2013 +0200
committerVictor Stinner <victor.stinner@gmail.com>Thu Oct 10 16:18:20 2013 +0200
treebdfa2e05ffa05074b815c1c02ec23d3effcd23d3
parent6cf185dc064577c6f472c86741e91fb28ec82e2d [diff] [blame]
Close #16742: Fix misuse of memory allocations in PyOS_Readline()

The GIL must be held to call PyMem_Malloc(), whereas PyOS_Readline() releases
the GIL to read input.

The result of the C callback PyOS_ReadlineFunctionPointer must now be a string
allocated by PyMem_RawMalloc() or PyMem_RawRealloc() (or NULL if an error
occurred), instead of a string allocated by PyMem_Malloc() or PyMem_Realloc().

Fixing this issue was required to setup a hook on PyMem_Malloc(), for example
using the tracemalloc module.

PyOS_Readline() copies the result of PyOS_ReadlineFunctionPointer() into a new
buffer allocated by PyMem_Malloc(). So the public API of PyOS_Readline() does
not change.

diff --git a/Parser/myreadline.c b/Parser/myreadline.c
index 3cf334d..562494e 100644
--- a/Parser/myreadline.c
+++ b/Parser/myreadline.c

@@ -113,18 +113,22 @@
 {
     size_t n;
     char *p, *pr;
+
     n = 100;
-    if ((p = (char *)PyMem_MALLOC(n)) == NULL)
+    p = (char *)PyMem_RawMalloc(n);
+    if (p == NULL)
         return NULL;
+
     fflush(sys_stdout);
     if (prompt)
         fprintf(stderr, "%s", prompt);
     fflush(stderr);
+
     switch (my_fgets(p, (int)n, sys_stdin)) {
     case 0: /* Normal case */
         break;
     case 1: /* Interrupt */
-        PyMem_FREE(p);
+        PyMem_RawFree(p);
         return NULL;
     case -1: /* EOF */
     case -2: /* Error */
@@ -140,7 +144,7 @@
             PyErr_SetString(PyExc_OverflowError, "input line too long");
             return NULL;
         }
-        pr = (char *)PyMem_REALLOC(p, n + incr);
+        pr = (char *)PyMem_RawRealloc(p, n + incr);
         if (pr == NULL) {
             PyMem_FREE(p);
             PyErr_NoMemory();
@@ -151,7 +155,7 @@
             break;
         n += strlen(p+n);
     }
-    pr = (char *)PyMem_REALLOC(p, n+1);
+    pr = (char *)PyMem_RawRealloc(p, n+1);
     if (pr == NULL) {
         PyMem_FREE(p);
         PyErr_NoMemory();
@@ -174,7 +178,8 @@
 char *
 PyOS_Readline(FILE *sys_stdin, FILE *sys_stdout, char *prompt)
 {
-    char *rv;
+    char *rv, *res;
+    size_t len;
 
     if (_PyOS_ReadlineTState == PyThreadState_GET()) {
         PyErr_SetString(PyExc_RuntimeError,
@@ -221,5 +226,14 @@
 
     _PyOS_ReadlineTState = NULL;
 
-    return rv;
+    if (rv == NULL)
+        return NULL;
+
+    len = strlen(rv) + 1;
+    res = PyMem_Malloc(len);
+    if (res != NULL)
+        memcpy(res, rv, len);
+    PyMem_RawFree(rv);
+
+    return res;
 }