Update of /cvsroot/pywin32/pywin32/com/win32com/src/extensions
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv19986/com/win32com/src/extensions
Modified Files:
PyILockBytes.cpp
Log Message:
Fix a memory leak and a buffer overflow
Index: PyILockBytes.cpp
===================================================================
RCS file: /cvsroot/pywin32/pywin32/com/win32com/src/extensions/PyILockBytes.cpp,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** PyILockBytes.cpp 2 Jul 2007 03:19:53 -0000 1.3
--- PyILockBytes.cpp 4 Jul 2007 16:43:37 -0000 1.4
***************
*** 35,56 ****
// @pyparm <o ULARGE_INTEGER>|ulOffset||Offset to start reading
// @pyparm int|cb||Number of bytes to read
- PyObject *obulOffset;
ULONG cb;
- if ( !PyArg_ParseTuple(args, "Oi:ReadAt", &obulOffset, &cb) )
- return NULL;
ULARGE_INTEGER ulOffset;
! BOOL bPythonIsHappy = TRUE;
! if (!PyWinObject_AsULARGE_INTEGER(obulOffset, &ulOffset)) bPythonIsHappy = FALSE;
! if (!bPythonIsHappy) return NULL;
! char *pv = (char *)malloc(cb);
! ULONG pcbRead;
PY_INTERFACE_PRECALL;
! HRESULT hr = pILB->ReadAt( ulOffset, pv, cb, &pcbRead );
PY_INTERFACE_POSTCALL;
! if ( FAILED(hr) )
return PyCom_BuildPyException(hr, pILB, IID_ILockBytes);
!
// @comm The result is a binary buffer returned in a string.
! PyObject *pyretval = PyString_FromStringAndSize(pv, pcbRead);
return pyretval;
}
--- 35,56 ----
// @pyparm <o ULARGE_INTEGER>|ulOffset||Offset to start reading
// @pyparm int|cb||Number of bytes to read
ULONG cb;
ULARGE_INTEGER ulOffset;
! if ( !PyArg_ParseTuple(args, "Kk:ReadAt", &ulOffset.QuadPart, &cb) )
! return NULL;
!
! PyObject *pyretval=PyString_FromStringAndSize(NULL, cb);
! if (pyretval==NULL)
! return NULL;
! ULONG cbRead;
PY_INTERFACE_PRECALL;
! HRESULT hr = pILB->ReadAt( ulOffset, PyString_AS_STRING(pyretval), cb, &cbRead );
PY_INTERFACE_POSTCALL;
! if ( FAILED(hr) ){
! Py_DECREF(pyretval);
return PyCom_BuildPyException(hr, pILB, IID_ILockBytes);
! }
// @comm The result is a binary buffer returned in a string.
! _PyString_Resize(&pyretval, cbRead);
return pyretval;
}
***************
*** 249,267 ****
Py_XDECREF(obulOffset);
if (FAILED(hr)) return hr;
- // Process the Python results, and convert back to the real params
- hr = E_FAIL;
- int len = PyObject_Length(result);
- if ( len == -1 )
- return PyCom_HandlePythonFailureToCOM(/*pexcepinfo*/);
- const char *s = PyString_AsString(result);
- if ( s == NULL )
- return PyCom_HandlePythonFailureToCOM(/*pexcepinfo*/);
! memcpy(pv, s, len);
! if ( pcbRead != NULL )
! *pcbRead = len;
! hr = S_OK;
Py_DECREF(result);
! return PyCom_SetCOMErrorFromSimple(hr, GetIID());
}
--- 249,269 ----
Py_XDECREF(obulOffset);
if (FAILED(hr)) return hr;
! // Process the Python results, and convert back to the real params
! // Length of returned object must fit in buffer !
! DWORD resultlen;
! VOID *buf;
! if (PyWinObject_AsReadBuffer(result, &buf, &resultlen, FALSE)){
! if (resultlen > cb)
! PyErr_SetString(PyExc_ValueError,"Returned data longer than requested");
! else{
! memcpy(pv, buf, resultlen);
! if (pcbRead)
! *pcbRead = resultlen;
! hr = S_OK;
! }
! }
Py_DECREF(result);
! return MAKE_PYCOM_GATEWAY_FAILURE_CODE("Read");
}
|
