[pywin32-checkins] pywin32/com/win32com/src/extensions PyGStream.cpp, 1.4, 1.5
OLD project page for the Python extensions for Windows
Brought to you by:
mhammond
Menu
▾
▴
[pywin32-checkins] pywin32/com/win32com/src/extensions PyGStream.cpp, 1.4, 1.5
|
From: Roger U. <ru...@us...> - 2007-07-03 21:00:49
|
Update of /cvsroot/pywin32/pywin32/com/win32com/src/extensions In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv26516/com/win32com/src/extensions Modified Files: PyGStream.cpp Log Message: Fix a buffer overflow and possible crash Index: PyGStream.cpp =================================================================== RCS file: /cvsroot/pywin32/pywin32/com/win32com/src/extensions/PyGStream.cpp,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** PyGStream.cpp 2 Jul 2007 01:29:51 -0000 1.4 --- PyGStream.cpp 3 Jul 2007 21:00:46 -0000 1.5 *************** *** 19,34 **** hr = E_FAIL; ! int len = PyObject_Length(result); ! if ( len != -1 ) ! { ! const char *s = PyString_AsString(result); ! if ( s != NULL ) ! { ! memcpy(pv, s, len); ! if ( pcbRead != NULL ) ! *pcbRead = len; hr = S_OK; } - } Py_DECREF(result); --- 19,34 ---- hr = E_FAIL; ! VOID *buf=NULL; ! DWORD resultlen; ! if (PyWinObject_AsReadBuffer(result, &buf, &resultlen, FALSE)){ ! if (resultlen > cb) ! PyErr_SetString(PyExc_ValueError,"Returned data longer than requested"); ! else{ ! memcpy(pv, buf, resultlen); ! if (pcbRead) ! *pcbRead = resultlen; hr = S_OK; + } } Py_DECREF(result); *************** *** 68,82 **** { PY_GATEWAY_METHOD; - PyObject *obdlibMove = PyWinObject_FromLARGE_INTEGER(dlibMove); PyObject *result; ! HRESULT hr=InvokeViaPolicy("Seek", &result, "Oi", obdlibMove, dwOrigin); ! Py_XDECREF(obdlibMove); if (FAILED(hr)) return hr; // Process the Python results, and convert back to the real params ! PyObject *obplibNewPosition; ! if (!PyArg_Parse(result, "O" , &obplibNewPosition)) return PyCom_HandlePythonFailureToCOM(/*pexcepinfo*/); ! BOOL bPythonIsHappy = TRUE; ! if (!PyWinObject_AsULARGE_INTEGER(obplibNewPosition, plibNewPosition)) bPythonIsHappy = FALSE; ! if (!bPythonIsHappy) hr = MAKE_PYCOM_GATEWAY_FAILURE_CODE("Seek"); Py_DECREF(result); return hr; --- 68,81 ---- { PY_GATEWAY_METHOD; PyObject *result; ! HRESULT hr=InvokeViaPolicy("Seek", &result, "Lk", dlibMove.QuadPart, dwOrigin); if (FAILED(hr)) return hr; // Process the Python results, and convert back to the real params ! // Callers may pass NULL for result position if they don't require the result ! ULARGE_INTEGER new_pos; ! if (!PyWinObject_AsULARGE_INTEGER(result, &new_pos)) ! hr = MAKE_PYCOM_GATEWAY_FAILURE_CODE("Seek"); ! else if (plibNewPosition) ! *plibNewPosition=new_pos; Py_DECREF(result); return hr; |
