Issue 23855: Missing Sanity Check for malloc() in PC/_msi.c (original) (raw)
Hello All,
In reviewing code in Python-3.4.3/PC/_msi.c, I found a call to malloc() at line 326 in function 'static PyObject* msierror(int status)' in which the call is made and assigned to variable 'res', but no check for NULL, indicating failure is made afterwards. The patch below corrects this issue:
--- _msi.c.orig 2015-04-02 15:01:02.882326352 -0700 +++ _msi.c 2015-04-02 15:02:43.382099357 -0700 @@ -324,6 +324,10 @@ code = MsiRecordGetInteger(err, 1); /* XXX code */ if (MsiFormatRecord(0, err, res, &size) == ERROR_MORE_DATA) { res = malloc(size+1);
if (res == NULL) /* malloc() failed, out of memory... */PyErr_SetString(MSIError, "out of memory");return NULL;
}} MsiFormatRecord(0, err, res, &size); res[size]='\0';
In directory 'PC', file '_msi.c', I found another call to malloc() which was not checked for a return value of NULL which would indicate failure. The new patch file is below:
--- _msi.c.orig 2015-04-02 15:01:02.882326352 -0700 +++ _msi.c 2015-04-04 16:36:56.919605881 -0700 @@ -324,6 +324,10 @@ code = MsiRecordGetInteger(err, 1); /* XXX code */ if (MsiFormatRecord(0, err, res, &size) == ERROR_MORE_DATA) { res = malloc(size+1);
if (res == NULL) /* malloc() failed, out of memory... */PyErr_SetString(MSIError, "out of memory");return NULL;
} @@ -547,6 +551,10 @@ &fval, sval, &ssize); if (status == ERROR_MORE_DATA) { sval = malloc(ssize);} MsiFormatRecord(0, err, res, &size); res[size]='\0';if (sval == NULL) { /* malloc() failed, out of memory... */PyErr_SetString(MSIError, "out of memory");return NULL;
}} status = MsiSummaryInfoGetProperty(si->h, field, &type, &ival, &fval, sval, &ssize);
The suggested patch is not acceptable: MemoryError should be raised in the unlikely event of a malloc() failure, there's a missing call to MsiCloseHandle(), the use of tabs violates PEP 7, and there's a blatant syntax error.