[Guido]
> I've checked in what I think is a complete fix, but I wouldn't mind
> some extra eyes -- I'm in a bit of a rush to head out for dinner now.
>
> But Tim, please take a nap first! :-)
Heh. I'm working on it.
Initial bleary-eyeballing turned up one vulnerability remaining, in
dict_popitem(): allocating the result tuple *could* conceivably empty the
dict, in which case the search loop will never terminate. So I'd move the
"empty?" test after the allocation, like so (untested!):
/* Allocate the result tuple first. Believe it or not,
* this allocation could trigger a garbage collection which
* could resize the dict, which would invalidate the pointer
* (ep) into the dict calculated below, or clear the dict.
* So we have to do this first.
*/
res = PyTuple_New(2);
if (res == NULL)
return NULL;
if (mp->ma_used == 0) {
PyErr_SetString(PyExc_KeyError,
"popitem(): dictionary is empty");
Py_DECREF(res);
return NULL;
}
In practice (well, mine), .popitem() is never called on an empty dict, so I
don't at all mind allocating a tuple just to throw it away immediately if the
dict is empty.
zzzzzzzzzzzzzingly y'rs - tim
PS: Another release candidate is a prudent idea. I'll be up again in 1.5
hours.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4