[issue35090] bz2: Potential division by zero in BZ2_Malloc()

2018-10-28 Thread STINNER Victor 


STINNER Victor  added the comment:

> May be we should add a new function (_PyMem_RawMallocItems?) that does the 
> same checks as PyMem_RawCalloc, but doesn't zero-initialize memory?

Please don't add new functions to the Python memory allocators. We already have 
too many of them :-(
https://docs.python.org/dev/c-api/memory.html

PyZlib_Malloc, PyLzma_Malloc and BZ2_Malloc exists because they use different 
types: 2 unsigned int (zlib), 2 size_t (lzma), 2 int (bz2). PyMem_RawMalloc() 
expects a single size_t.

IMHO it's fine to have a function of 5 lines of code in each module, since each 
module uses a different C type.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35090] bz2: Potential division by zero in BZ2_Malloc()

2018-10-28 Thread Alexey Izbyshev 


Alexey Izbyshev  added the comment:

May be we should add a new function (_PyMem_RawMallocItems?) that does the same 
checks as PyMem_RawCalloc, but doesn't zero-initialize memory?

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35090] bz2: Potential division by zero in BZ2_Malloc()

2018-10-28 Thread STINNER Victor 


STINNER Victor  added the comment:

Check other wrappers to memory allocators:

* zlib: "zst.zalloc = PyZlib_Malloc" which calls PyMem_RawMalloc
* _lzma: "self->alloc.alloc = PyLzma_Malloc" which calls PyMem_RawMalloc
* _bz2: "bzalloc = BZ2_Malloc" which calls PyMem_RawMalloc()

https://bugs.python.org/issue35056#msg328533

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35090] bz2: Potential division by zero in BZ2_Malloc()

2018-10-28 Thread Alexey Izbyshev 


Change by Alexey Izbyshev :


--
keywords: +patch
pull_requests: +9497
stage:  -> patch review

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35090] bz2: Potential division by zero in BZ2_Malloc()

2018-10-28 Thread Alexey Izbyshev 


New submission from Alexey Izbyshev :

BZ2_Malloc() checks for size < 0 at 
https://github.com/python/cpython/blob/6015cc50bc38b9e920ce4986ee10658eaa14f561/Modules/_bz2module.c#L278
 , but doesn't check for size == 0 before dividing by it:

if (items < 0 || size < 0)
return NULL;
if ((size_t)items > (size_t)PY_SSIZE_T_MAX / (size_t)size)
return NULL;

Reported by Svace static analyzer.

--
components: Extension Modules
messages: 328686
nosy: berker.peksag, izbyshev, serhiy.storchaka, vstinner
priority: normal
severity: normal
status: open
title: bz2: Potential division by zero in BZ2_Malloc()
type: behavior
versions: Python 3.6, Python 3.7, Python 3.8

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com