Issue #23446: Use PyMem_New instead of PyMem_Malloc to avoid possible integer

serhiy-storchaka · serhiy-storchaka · commit 4d0d98298519 · 2015-02-16T13:33:32.000+02:00
overflows.  Added few missed PyErr_NoMemory().
diff --git a/Modules/_ctypes/_ctypes.c b/Modules/_ctypes/_ctypes.c
@@ -4305,8 +4305,11 @@ Array_subscript(PyObject *myself, PyObject *item)
                                               slicelen);
             }
 
-            dest = (wchar_t *)PyMem_Malloc(
-                                    slicelen * sizeof(wchar_t));
+            dest = PyMem_New(wchar_t, slicelen);
+            if (dest == NULL) {
+                PyErr_NoMemory();
+                return NULL;
+            }
 
             for (cur = start, i = 0; i < slicelen;
                  cur += step, i++) {
@@ -4986,7 +4989,7 @@ Pointer_subscript(PyObject *myself, PyObject *item)
                 return PyUnicode_FromWideChar(ptr + start,
                                               len);
             }
-            dest = (wchar_t *)PyMem_Malloc(len * sizeof(wchar_t));
+            dest = PyMem_New(wchar_t, len);
             if (dest == NULL)
                 return PyErr_NoMemory();
             for (cur = start, i = 0; i < len; cur += step, i++) {
diff --git a/Modules/_ctypes/stgdict.c b/Modules/_ctypes/stgdict.c
@@ -76,14 +76,18 @@ PyCStgDict_clone(StgDictObject *dst, StgDictObject *src)
 
     if (src->format) {
         dst->format = PyMem_Malloc(strlen(src->format) + 1);
-        if (dst->format == NULL)
+        if (dst->format == NULL) {
+            PyErr_NoMemory();
             return -1;
+        }
         strcpy(dst->format, src->format);
     }
     if (src->shape) {
         dst->shape = PyMem_Malloc(sizeof(Py_ssize_t) * src->ndim);
-        if (dst->shape == NULL)
+        if (dst->shape == NULL) {
+            PyErr_NoMemory();
             return -1;
+        }
         memcpy(dst->shape, src->shape,
                sizeof(Py_ssize_t) * src->ndim);
     }
@@ -380,7 +384,7 @@ PyCStructUnionType_update_stgdict(PyObject *type, PyObject *fields, int isStruct
         union_size = 0;
         total_align = align ? align : 1;
         stgdict->ffi_type_pointer.type = FFI_TYPE_STRUCT;
-        stgdict->ffi_type_pointer.elements = PyMem_Malloc(sizeof(ffi_type *) * (basedict->length + len + 1));
+        stgdict->ffi_type_pointer.elements = PyMem_New(ffi_type *, basedict->length + len + 1);
         if (stgdict->ffi_type_pointer.elements == NULL) {
             PyErr_NoMemory();
             return -1;
@@ -398,7 +402,7 @@ PyCStructUnionType_update_stgdict(PyObject *type, PyObject *fields, int isStruct
         union_size = 0;
         total_align = 1;
         stgdict->ffi_type_pointer.type = FFI_TYPE_STRUCT;
-        stgdict->ffi_type_pointer.elements = PyMem_Malloc(sizeof(ffi_type *) * (len + 1));
+        stgdict->ffi_type_pointer.elements = PyMem_New(ffi_type *, len + 1);
         if (stgdict->ffi_type_pointer.elements == NULL) {
             PyErr_NoMemory();
             return -1;
diff --git a/Modules/_localemodule.c b/Modules/_localemodule.c
@@ -254,7 +254,7 @@ PyLocale_strxfrm(PyObject* self, PyObject* args)
 
     /* assume no change in size, first */
     n1 = n1 + 1;
-    buf = PyMem_Malloc(n1 * sizeof(wchar_t));
+    buf = PyMem_New(wchar_t, n1);
     if (!buf) {
         PyErr_NoMemory();
         goto exit;
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
@@ -4287,10 +4287,11 @@ static int _setup_ssl_threads(void) {
 
     if (_ssl_locks == NULL) {
         _ssl_locks_count = CRYPTO_num_locks();
-        _ssl_locks = (PyThread_type_lock *)
-            PyMem_Malloc(sizeof(PyThread_type_lock) * _ssl_locks_count);
-        if (_ssl_locks == NULL)
+        _ssl_locks = PyMem_New(PyThread_type_lock, _ssl_locks_count);
+        if (_ssl_locks == NULL) {
+            PyErr_NoMemory();
             return 0;
+        }
         memset(_ssl_locks, 0,
                sizeof(PyThread_type_lock) * _ssl_locks_count);
         for (i = 0;  i < _ssl_locks_count;  i++) {
diff --git a/Modules/_testbuffer.c b/Modules/_testbuffer.c
@@ -850,7 +850,7 @@ seq_as_ssize_array(PyObject *seq, Py_ssize_t len, int is_shape)
     Py_ssize_t *dest;
     Py_ssize_t x, i;
 
-    dest = PyMem_Malloc(len * (sizeof *dest));
+    dest = PyMem_New(Py_ssize_t, len);
     if (dest == NULL) {
         PyErr_NoMemory();
         return NULL;
diff --git a/Modules/_testcapimodule.c b/Modules/_testcapimodule.c
@@ -1517,7 +1517,7 @@ unicode_aswidechar(PyObject *self, PyObject *args)
 
     if (!PyArg_ParseTuple(args, "Un", &unicode, &buflen))
         return NULL;
-    buffer = PyMem_Malloc(buflen * sizeof(wchar_t));
+    buffer = PyMem_New(wchar_t, buflen);
     if (buffer == NULL)
         return PyErr_NoMemory();
 
diff --git a/Modules/getpath.c b/Modules/getpath.c
@@ -735,7 +735,7 @@ calculate_path(void)
     bufsz += wcslen(zip_path) + 1;
     bufsz += wcslen(exec_prefix) + 1;
 
-    buf = (wchar_t *)PyMem_Malloc(bufsz * sizeof(wchar_t));
+    buf = PyMem_New(wchar_t, bufsz);
     if (buf == NULL) {
         Py_FatalError(
             "Not enough memory for dynamic PYTHONPATH");
diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c
@@ -1620,7 +1620,7 @@ get_target_path(HANDLE hdl, wchar_t **target_path)
     if(!buf_size)
         return FALSE;
 
-    buf = (wchar_t *)PyMem_Malloc((buf_size+1)*sizeof(wchar_t));
+    buf = PyMem_New(wchar_t, buf_size+1);
     if (!buf) {
         SetLastError(ERROR_OUTOFMEMORY);
         return FALSE;
@@ -4472,7 +4472,7 @@ _listdir_windows_no_opendir(path_t *path, PyObject *list)
             len = wcslen(path->wide);
         }
         /* The +5 is so we can append "\\*.*\0" */
-        wnamebuf = PyMem_Malloc((len + 5) * sizeof(wchar_t));
+        wnamebuf = PyMem_New(wchar_t, len + 5);
         if (!wnamebuf) {
             PyErr_NoMemory();
             goto exit;
@@ -4809,7 +4809,7 @@ posix__getfullpathname(PyObject *self, PyObject *args)
                                   Py_ARRAY_LENGTH(woutbuf),
                                   woutbuf, &wtemp);
         if (result > Py_ARRAY_LENGTH(woutbuf)) {
-            woutbufp = PyMem_Malloc(result * sizeof(wchar_t));
+            woutbufp = PyMem_New(wchar_t, result);
             if (!woutbufp)
                 return PyErr_NoMemory();
             result = GetFullPathNameW(wpath, result, woutbufp, &wtemp);
@@ -4923,7 +4923,7 @@ os__getfinalpathname_impl(PyModuleDef *module, PyObject *path)
     if(!buf_size)
         return win32_error_object("GetFinalPathNameByHandle", path);
 
-    target_path = (wchar_t *)PyMem_Malloc((buf_size+1)*sizeof(wchar_t));
+    target_path = PyMem_New(wchar_t, buf_size+1);
     if(!target_path)
         return PyErr_NoMemory();
 
@@ -5041,7 +5041,7 @@ os__getvolumepathname_impl(PyModuleDef *module, PyObject *path)
         return NULL;
     }
 
-    mountpath = (wchar_t *)PyMem_Malloc(buflen * sizeof(wchar_t));
+    mountpath = PyMem_New(wchar_t, buflen);
     if (mountpath == NULL)
         return PyErr_NoMemory();
 
@@ -8421,9 +8421,9 @@ posix_getgrouplist(PyObject *self, PyObject *args)
 #endif
 
 #ifdef __APPLE__
-    groups = PyMem_Malloc(ngroups * sizeof(int));
+    groups = PyMem_New(int, ngroups);
 #else
-    groups = PyMem_Malloc(ngroups * sizeof(gid_t));
+    groups = PyMem_New(gid_t, ngroups);
 #endif
     if (groups == NULL)
         return PyErr_NoMemory();
@@ -8523,7 +8523,7 @@ os_getgroups_impl(PyModuleDef *module)
         /* groups will fit in existing array */
         alt_grouplist = grouplist;
     } else {
-        alt_grouplist = PyMem_Malloc(n * sizeof(gid_t));
+        alt_grouplist = PyMem_New(gid_t, n);
         if (alt_grouplist == NULL) {
             errno = EINVAL;
             return posix_error();
@@ -8549,7 +8549,7 @@ os_getgroups_impl(PyModuleDef *module)
                 /* Avoid malloc(0) */
                 alt_grouplist = grouplist;
             } else {
-                alt_grouplist = PyMem_Malloc(n * sizeof(gid_t));
+                alt_grouplist = PyMem_New(gid_t, n);
                 if (alt_grouplist == NULL) {
                     errno = EINVAL;
                     return posix_error();
diff --git a/Modules/pyexpat.c b/Modules/pyexpat.c
@@ -1093,7 +1093,7 @@ pyexpat_xmlparser_ExternalEntityParserCreate_impl(xmlparseobject *self, const ch
     for (i = 0; handler_info[i].name != NULL; i++)
         /* do nothing */;
 
-    new_parser->handlers = PyMem_Malloc(sizeof(PyObject *) * i);
+    new_parser->handlers = PyMem_New(PyObject *, i);
     if (!new_parser->handlers) {
         Py_DECREF(new_parser);
         return PyErr_NoMemory();
@@ -1416,7 +1416,7 @@ newxmlparseobject(const char *encoding, const char *namespace_separator, PyObjec
     for (i = 0; handler_info[i].name != NULL; i++)
         /* do nothing */;
 
-    self->handlers = PyMem_Malloc(sizeof(PyObject *) * i);
+    self->handlers = PyMem_New(PyObject *, i);
     if (!self->handlers) {
         Py_DECREF(self);
         return PyErr_NoMemory();
diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c
@@ -4213,9 +4213,11 @@ socket_gethostname(PyObject *self, PyObject *unused)
 
     /* MSDN says ERROR_MORE_DATA may occur because DNS allows longer
        names */
-    name = PyMem_Malloc(size * sizeof(wchar_t));
-    if (!name)
+    name = PyMem_New(wchar_t, size);
+    if (!name) {
+        PyErr_NoMemory();
         return NULL;
+    }
     if (!GetComputerNameExW(ComputerNamePhysicalDnsHostname,
                            name,
                            &size))
diff --git a/Modules/unicodedata.c b/Modules/unicodedata.c
@@ -556,7 +556,7 @@ nfd_nfkd(PyObject *self, PyObject *input, int k)
     /* Overallocate at most 10 characters. */
     space = (isize > 10 ? 10 : isize) + isize;
     osize = space;
-    output = PyMem_Malloc(space * sizeof(Py_UCS4));
+    output = PyMem_New(Py_UCS4, space);
     if (!output) {
         PyErr_NoMemory();
         return NULL;
@@ -703,7 +703,7 @@ nfc_nfkc(PyObject *self, PyObject *input, int k)
     /* We allocate a buffer for the output.
        If we find that we made no changes, we still return
        the NFD result. */
-    output = PyMem_Malloc(len * sizeof(Py_UCS4));
+    output = PyMem_New(Py_UCS4, len);
     if (!output) {
         PyErr_NoMemory();
         Py_DECREF(result);
diff --git a/Modules/zipimport.c b/Modules/zipimport.c
@@ -233,7 +233,7 @@ make_filename(PyObject *prefix, PyObject *name)
     Py_ssize_t len;
 
     len = PyUnicode_GET_LENGTH(prefix) + PyUnicode_GET_LENGTH(name) + 1;
-    p = buf = PyMem_Malloc(sizeof(Py_UCS4) * len);
+    p = buf = PyMem_New(Py_UCS4, len);
     if (buf == NULL) {
         PyErr_NoMemory();
         return NULL;
diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
@@ -2186,7 +2186,7 @@ _PyUnicode_AsKind(PyObject *s, unsigned int kind)
     }
     switch (kind) {
     case PyUnicode_2BYTE_KIND:
-        result = PyMem_Malloc(len * sizeof(Py_UCS2));
+        result = PyMem_New(Py_UCS2, len);
         if (!result)
             return PyErr_NoMemory();
         assert(skind == PyUnicode_1BYTE_KIND);
@@ -2197,7 +2197,7 @@ _PyUnicode_AsKind(PyObject *s, unsigned int kind)
             result);
         return result;
     case PyUnicode_4BYTE_KIND:
-        result = PyMem_Malloc(len * sizeof(Py_UCS4));
+        result = PyMem_New(Py_UCS4, len);
         if (!result)
             return PyErr_NoMemory();
         if (skind == PyUnicode_2BYTE_KIND) {
@@ -2239,11 +2239,7 @@ as_ucs4(PyObject *string, Py_UCS4 *target, Py_ssize_t targetsize,
     if (copy_null)
         targetlen++;
     if (!target) {
-        if (PY_SSIZE_T_MAX / (Py_ssize_t)sizeof(Py_UCS4) < targetlen) {
-            PyErr_NoMemory();
-            return NULL;
-        }
-        target = PyMem_Malloc(targetlen * sizeof(Py_UCS4));
+        target = PyMem_New(Py_UCS4, targetlen);
         if (!target) {
             PyErr_NoMemory();
             return NULL;
@@ -2817,12 +2813,7 @@ PyUnicode_AsWideCharString(PyObject *unicode,
     buflen = unicode_aswidechar(unicode, NULL, 0);
     if (buflen == -1)
         return NULL;
-    if (PY_SSIZE_T_MAX / (Py_ssize_t)sizeof(wchar_t) < buflen) {
-        PyErr_NoMemory();
-        return NULL;
-    }
-
-    buffer = PyMem_MALLOC(buflen * sizeof(wchar_t));
+    buffer = PyMem_NEW(wchar_t, buflen);
     if (buffer == NULL) {
         PyErr_NoMemory();
         return NULL;
@@ -3515,10 +3506,7 @@ PyUnicode_DecodeLocaleAndSize(const char *str, Py_ssize_t len,
             wstr = smallbuf;
         }
         else {
-            if (wlen > PY_SSIZE_T_MAX / sizeof(wchar_t) - 1)
-                return PyErr_NoMemory();
-
-            wstr = PyMem_Malloc((wlen+1) * sizeof(wchar_t));
+            wstr = PyMem_New(wchar_t, wlen+1);
             if (!wstr)
                 return PyErr_NoMemory();
         }
diff --git a/PC/winreg.c b/PC/winreg.c
@@ -939,7 +939,7 @@ Reg2Py(BYTE *retDataBuf, DWORD retDataSize, DWORD typ)
                 wchar_t *data = (wchar_t *)retDataBuf;
                 int len = retDataSize / 2;
                 int s = countStrings(data, len);
-                wchar_t **str = (wchar_t **)PyMem_Malloc(sizeof(wchar_t *)*s);
+                wchar_t **str = PyMem_New(wchar_t *, s);
                 if (str == NULL)
                     return PyErr_NoMemory();
 
@@ -1206,7 +1206,7 @@ PyEnumValue(PyObject *self, PyObject *args)
     ++retDataSize;
     bufDataSize = retDataSize;
     bufValueSize = retValueSize;
-    retValueBuf = (wchar_t *)PyMem_Malloc(sizeof(wchar_t) * retValueSize);
+    retValueBuf = PyMem_New(wchar_t, retValueSize);
     if (retValueBuf == NULL)
         return PyErr_NoMemory();
     retDataBuf = (BYTE *)PyMem_Malloc(retDataSize);
@@ -1277,7 +1277,7 @@ PyExpandEnvironmentStrings(PyObject *self, PyObject *args)
         return PyErr_SetFromWindowsErrWithFunction(retValueSize,
                                         "ExpandEnvironmentStrings");
     }
-    retValue = (wchar_t *)PyMem_Malloc(retValueSize * sizeof(wchar_t));
+    retValue = PyMem_New(wchar_t, retValueSize);
     if (retValue == NULL) {
         return PyErr_NoMemory();
     }
diff --git a/Python/peephole.c b/Python/peephole.c
@@ -290,7 +290,7 @@ fold_unaryops_on_constants(unsigned char *codestr, PyObject *consts, PyObject *v
 static unsigned int *
 markblocks(unsigned char *code, Py_ssize_t len)
 {
-    unsigned int *blocks = (unsigned int *)PyMem_Malloc(len*sizeof(int));
+    unsigned int *blocks = PyMem_New(unsigned int, len);
     int i,j, opcode, blockcnt = 0;
 
     if (blocks == NULL) {
@@ -398,7 +398,7 @@ PyCode_Optimize(PyObject *code, PyObject* consts, PyObject *names,
         goto exitUnchanged;
 
     /* Mapping to new jump targets after NOPs are removed */
-    addrmap = (int *)PyMem_Malloc(codelen * sizeof(int));
+    addrmap = PyMem_New(int, codelen);
     if (addrmap == NULL) {
         PyErr_NoMemory();
         goto exitError;
