from:"Alex CHEN"

[issue29873] Need a look for return value checking [_elementtree.c]

2017-03-21 Thread Alex CHEN


New submission from Alex CHEN:

In file _elementtree.c

our static code scanner has reported this case, but I don't sure that could be 
any problem, may you have a look?

static PyObject*  
element_getattr(ElementObject* self, char* name)
{
PyObject* res;

/* handle common attributes first */
if (strcmp(name, "tag") == 0) {
res = self->tag;
Py_INCREF(res);
return res;
} else if (strcmp(name, "text") == 0) {
res = element_get_text(self); // is it possible that 
element_get_text could return NULL here?
Py_INCREF(res);
return res;
}

--
components: XML
messages: 289965
nosy: alexc
priority: normal
severity: normal
status: open
title: Need a look for return value checking [_elementtree.c]
type: crash
versions: Python 2.7

___
Python tracker 
<http://bugs.python.org/issue29873>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue29874] Need a look for return value checking [selectmodule.c]

2017-03-21 Thread Alex CHEN


New submission from Alex CHEN:

In file selectmodule.c

our static code scanner has reported the following case, function set2list is 
liable to return NULL (if PyTuple_New failed),  would any chance the NULL 
pointer be dereferenced (Py_DECREF(fdlist) after set2list) or it would just 
raise python exception to handle PyTuple_New error ?

static PyObject *
select_select(PyObject *self, PyObject *args)
{
..
if (n < 0) {
PyErr_SetFromErrno(SelectError);
}
#endif
else {
/* any of these three calls can raise an exception.  it's more
   convenient to test for this after all three calls... but
   is that acceptable?
*/
ifdlist = set2list(&ifdset, rfd2obj);  //   || <=
ofdlist = set2list(&ofdset, wfd2obj);  //   ||
efdlist = set2list(&efdset, efd2obj);  //   ||
if (PyErr_Occurred())
ret = NULL;
else
ret = PyTuple_Pack(3, ifdlist, ofdlist, efdlist);

Py_DECREF(ifdlist);
Py_DECREF(ofdlist);
Py_DECREF(efdlist);

--
messages: 289967
nosy: alexc
priority: normal
severity: normal
status: open
title: Need a look for return value checking [selectmodule.c]

___
Python tracker 
<http://bugs.python.org/issue29874>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue29874] Need a look for return value checking [selectmodule.c]

2017-03-21 Thread Alex CHEN


Changes by Alex CHEN :


--
type:  -> crash

___
Python tracker 
<http://bugs.python.org/issue29874>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue29876] Check for null return value [_elementtree.c : subelement]

2017-03-21 Thread Alex CHEN


New submission from Alex CHEN:

In file _elementtree.c

our static code scanner has reported this case, I think there is a bit similar 
to http://bugs.python.org/issue29874 (returns NULL when NoMemory)

static PyObject*
subelement(PyObject* self, PyObject* args, PyObject* kw)
{
PyObject* elem;

ElementObject* parent;
PyObject* tag;
PyObject* attrib = NULL;
if (!PyArg_ParseTuple(args, "O!O|O!:SubElement",
  &Element_Type, &parent, &tag,
  &PyDict_Type, &attrib))
return NULL;

if (attrib || kw) {
attrib = (attrib) ? PyDict_Copy(attrib) : PyDict_New();
if (!attrib)
return NULL;
if (kw)
PyDict_Update(attrib, kw);
} else {
Py_INCREF(Py_None);
attrib = Py_None;
}

elem = element_new(tag, attrib);  // <== element_new could 
returns a NULL pointer, the followed Py_DECREF(elem) would dereference NULL 
pointer.

Py_DECREF(attrib);

if (element_add_subelement(parent, elem) < 0) {
Py_DECREF(elem);
return NULL;
}

--
components: XML
messages: 289972
nosy: alexc
priority: normal
severity: normal
status: open
title: Check for null return value [_elementtree.c : subelement]
type: crash
versions: Python 2.7

___
Python tracker 
<http://bugs.python.org/issue29876>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue29682] Checks for null return value

2017-02-28 Thread Alex CHEN


New submission from Alex CHEN:

Hi,

Our tool reported a position that doesn't check for returned value (from a 
function that might returns null). might need a look that is there any problem 
or I am missing something.

in function PyUnknownEncodingHandler of file pyexpat.c,

if (namespace_separator != NULL) {
self->itself = XML_ParserCreateNS(encoding, *namespace_separator);
}
else {
self->itself = XML_ParserCreate(encoding);   // could 
XML_ParserCreate returns null in this point?
}
.
XML_SetHashSalt(self->itself, // if it does 
return null, null pointer will passed into XML_SetHashSalt and will be 
dereferenced.
(unsigned long)_Py_HashSecret.prefix);
#endif

--
messages: 288739
nosy: alexc
priority: normal
severity: normal
status: open
title: Checks for null return value
versions: Python 2.7

___
Python tracker 
<http://bugs.python.org/issue29682>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue29873] Need a look for return value checking [_elementtree.c]

[issue29874] Need a look for return value checking [selectmodule.c]

[issue29874] Need a look for return value checking [selectmodule.c]

[issue29876] Check for null return value [_elementtree.c : subelement]

[issue29682] Checks for null return value

5 matches

Site Navigation

Mail list logo

Footer information