(original) (raw)

changeset: 70103:850624632e9a branch: 3.1 parent: 70099:6a45567c7245 user: Nadeem Vawda nadeem.vawda@gmail.com date: Sat May 14 22:26:55 2011 +0200 files: Lib/test/test_zlib.py Modules/zlibmodule.c description: Issue #8650: Backport 64-bit safety fixes for compress() and decompress(). diff -r 6a45567c7245 -r 850624632e9a Lib/test/test_zlib.py --- a/Lib/test/test_zlib.py Sat May 14 14:05:20 2011 +0200 +++ b/Lib/test/test_zlib.py Sat May 14 22:26:55 2011 +0200 @@ -186,6 +186,17 @@ def test_big_decompress_buffer(self, size): self.check_big_decompress_buffer(size, zlib.decompress) + @precisionbigmemtest(size=_4G + 100, memuse=1) + def test_length_overflow(self, size): + if size < _4G + 100: + self.skipTest("not enough free memory, need at least 4 GB") + data = b'x' * size + try: + self.assertRaises(OverflowError, zlib.compress, data, 1) + self.assertRaises(OverflowError, zlib.decompress, data) + finally: + data = None + class CompressObjectTestCase(BaseCompressTestCase, unittest.TestCase): # Test compression object diff -r 6a45567c7245 -r 850624632e9a Modules/zlibmodule.c --- a/Modules/zlibmodule.c Sat May 14 14:05:20 2011 +0200 +++ b/Modules/zlibmodule.c Sat May 14 22:26:55 2011 +0200 @@ -116,13 +116,20 @@ { PyObject *ReturnVal = NULL; Py_buffer pinput; - Byte *input, *output; - int length, level=Z_DEFAULT_COMPRESSION, err; + Byte *input, *output = NULL; + unsigned int length; + int level=Z_DEFAULT_COMPRESSION, err; z_stream zst; /* require Python string object, optional 'level' arg */ if (!PyArg_ParseTuple(args, "y*|i:compress", &pinput, &level)) return NULL; + + if (pinput.len > UINT_MAX) { + PyErr_SetString(PyExc_OverflowError, + "Size does not fit in an unsigned int"); + goto error; + } input = pinput.buf; length = pinput.len; @@ -130,10 +137,9 @@ output = (Byte*)malloc(zst.avail_out); if (output == NULL) { - PyBuffer_Release(&pinput); PyErr_SetString(PyExc_MemoryError, "Can't allocate memory to compress data"); - return NULL; + goto error; } /* Past the point of no return. From here on out, we need to make sure @@ -196,10 +202,11 @@ static PyObject * PyZlib_decompress(PyObject *self, PyObject *args) { - PyObject *result_str; + PyObject *result_str = NULL; Py_buffer pinput; Byte *input; - int length, err; + unsigned int length; + int err; int wsize=DEF_WBITS; Py_ssize_t r_strlen=DEFAULTALLOC; z_stream zst; @@ -207,6 +214,12 @@ if (!PyArg_ParseTuple(args, "y*|in:decompress", &pinput, &wsize, &r_strlen)) return NULL; + + if (pinput.len > UINT_MAX) { + PyErr_SetString(PyExc_OverflowError, + "Size does not fit in an unsigned int"); + goto error; + } input = pinput.buf; length = pinput.len; @@ -216,10 +229,8 @@ zst.avail_in = length; zst.avail_out = r_strlen; - if (!(result_str = PyBytes_FromStringAndSize(NULL, r_strlen))) { - PyBuffer_Release(&pinput); - return NULL; - } + if (!(result_str = PyBytes_FromStringAndSize(NULL, r_strlen))) + goto error; zst.zalloc = (alloc_func)NULL; zst.zfree = (free_func)Z_NULL; /nadeem.vawda@gmail.com