[pywin32-checkins] pywin32/com/win32comext/shell/src shell.cpp, 1.45, 1.46
OLD project page for the Python extensions for Windows
Brought to you by:
mhammond
Menu
▾
▴
[pywin32-checkins] pywin32/com/win32comext/shell/src shell.cpp, 1.45, 1.46
|
From: Mark H. <mha...@us...> - 2006-07-12 12:16:08
|
Update of /cvsroot/pywin32/pywin32/com/win32comext/shell/src In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv24878/win32comext/shell/src Modified Files: shell.cpp Log Message: Do some basic validity checks when converting a buffer to a PIDL. Index: shell.cpp =================================================================== RCS file: /cvsroot/pywin32/pywin32/com/win32comext/shell/src/shell.cpp,v retrieving revision 1.45 retrieving revision 1.46 diff -C2 -d -r1.45 -r1.46 *** shell.cpp 1 Jun 2006 10:23:05 -0000 1.45 --- shell.cpp 12 Jul 2006 12:15:29 -0000 1.46 *************** *** 125,129 **** while (pidl->mkid.cb) { // cb includes sizeof(cb) itself - so string len is cb-sizeof(cb) ! PyObject *sub = PyString_FromStringAndSize((char *)pidl->mkid.abID, pidl->mkid.cb-sizeof(pidl->mkid.cb)); if (sub) { PyList_Append(ret, sub); --- 125,147 ---- while (pidl->mkid.cb) { // cb includes sizeof(cb) itself - so string len is cb-sizeof(cb) ! if (pidl->mkid.cb <= sizeof(pidl->mkid.cb)) { ! Py_DECREF(ret); ! ret = NULL; ! PyErr_SetString(PyExc_ValueError, "This string has an invalid sub-item (too short)"); ! break; ! } ! // The length may be too large to read (and causing an ! // exception deep inside Python doesn't always leave ! // things in a good state! Its also inconvenient to ! // always pass the size of the object - so explicitly ! // check we can read the memory. ! UINT cbdata = pidl->mkid.cb-sizeof(pidl->mkid.cb); ! if (IsBadReadPtr(pidl->mkid.abID, cbdata)) { ! Py_DECREF(ret); ! ret = NULL; ! PyErr_SetString(PyExc_ValueError, "This string has an invalid sub-item (too long)"); ! break; ! } ! PyObject *sub = PyString_FromStringAndSize((char *)pidl->mkid.abID, cbdata); if (sub) { PyList_Append(ret, sub); |
