Repair widespread misuse of _PyString_Resize. Since it's clear people

tim-one · tim-one · commit 5de9842b34cb · 2002-04-27T18:44:32.000Z
don't understand how this function works, also beefed up the docs.  The
most common usage error is of this form (often spread out across gotos):

	if (_PyString_Resize(&amp;s, n) &lt; 0) {
		Py_DECREF(s);
		s = NULL;
		goto outtahere;
	}

The error is that if _PyString_Resize runs out of memory, it automatically
decrefs the input string object s (which also deallocates it, since its
refcount must be 1 upon entry), and sets s to NULL.  So if the "if"
branch ever triggers, it's an error to call Py_DECREF(s):  s is already
NULL!  A correct way to write the above is the simpler (and intended)

	if (_PyString_Resize(&amp;s, n) &lt; 0)
		goto outtahere;

Bugfix candidate.
diff --git a/Doc/api/concrete.tex b/Doc/api/concrete.tex
@@ -586,7 +586,16 @@ \subsection{String Objects \label{stringObjects}}
 \begin{cfuncdesc}{int}{_PyString_Resize}{PyObject **string, int newsize}
   A way to resize a string object even though it is ``immutable''.
   Only use this to build up a brand new string object; don't use this
-  if the string may already be known in other parts of the code.
+  if the string may already be known in other parts of the code.  It
+  is an error to call this function if the refcount on the input string
+  object is not one.
+  Pass the address of an existing string object as an lvalue (it may
+  be written into), and the new size desired.  On success, \var{*string}
+  holds the resized string object and 0 is returned; the address in
+  \var{*string} may differ from its input value.  If the
+  reallocation fails, the original string object at \var{*string} is
+  deallocated, \var{*string} is set to \NULL{}, a memory exception is set,
+  and -1 is returned.
 \end{cfuncdesc}
 
 \begin{cfuncdesc}{PyObject*}{PyString_Format}{PyObject *format,
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
@@ -331,8 +331,8 @@ static PyObject *PySSL_SSLread(PySSLObject *self, PyObject *args)
 		Py_DECREF(buf);
 		return PySSL_SetError(self, count);
 	}
-	if (count != len && _PyString_Resize(&buf, count) < 0)
-		return NULL;
+	if (count != len)
+		_PyString_Resize(&buf, count);
 	return buf;
 }
 
diff --git a/Modules/cPickle.c b/Modules/cPickle.c
@@ -1252,14 +1252,8 @@ modified_EncodeRawUnicodeEscape(const Py_UNICODE *s, int size)
 			*p++ = (char) ch;
 	}
 	*p = '\0';
-	if (_PyString_Resize(&repr, p - q))
-		goto onError;
-
+	_PyString_Resize(&repr, p - q);
 	return repr;
-
-  onError:
-	Py_DECREF(repr);
-	return NULL;
 }
 
 
diff --git a/Modules/cdmodule.c b/Modules/cdmodule.c
@@ -251,8 +251,7 @@ CD_readda(cdplayerobject *self, PyObject *args)
 		return NULL;
 	}
 	if (n < numframes)
-		if (_PyString_Resize(&result, n * sizeof(CDFRAME)))
-			return NULL;
+		_PyString_Resize(&result, n * sizeof(CDFRAME));
 
 	return result;
 }
diff --git a/Modules/clmodule.c b/Modules/clmodule.c
@@ -135,8 +135,7 @@ cl_CompressImage(PyObject *self, PyObject *args)
 	}
 
 	if (compressedBufferSize < frameBufferSize)
-		if (_PyString_Resize(&compressedBuffer, compressedBufferSize))
-			return NULL;
+		_PyString_Resize(&compressedBuffer, compressedBufferSize);
 
 	return compressedBuffer;
 }
diff --git a/Modules/linuxaudiodev.c b/Modules/linuxaudiodev.c
@@ -158,8 +158,7 @@ lad_read(lad_t *self, PyObject *args)
         return NULL;
     }
     self->x_icount += count;
-    if (_PyString_Resize(&rv, count) == -1)
-	return NULL;
+    _PyString_Resize(&rv, count);
     return rv;
 }
 
diff --git a/Modules/regexmodule.c b/Modules/regexmodule.c
@@ -516,11 +516,8 @@ symcomp(PyObject *pattern, PyObject *gdict)
 		return NULL;
 	}
 	/* _PyString_Resize() decrements npattern on failure */
-	if (_PyString_Resize(&npattern, n - v) == 0)
-		return npattern;
-	else {
-		return NULL;
-	}
+	_PyString_Resize(&npattern, n - v);
+	return npattern;
 
 }
 
diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c
@@ -1402,8 +1402,8 @@ PySocketSock_recv(PySocketSockObject *s, PyObject *args)
 		Py_DECREF(buf);
 		return s->errorhandler();
 	}
-	if (n != len && _PyString_Resize(&buf, n) < 0)
-		return NULL;
+	if (n != len)
+		_PyString_Resize(&buf, n);
 	return buf;
 }
 
diff --git a/Modules/stropmodule.c b/Modules/stropmodule.c
@@ -215,10 +215,8 @@ strop_joinfields(PyObject *self, PyObject *args)
 			}
 			slen = PyString_GET_SIZE(item);
 			while (reslen + slen + seplen >= sz) {
-				if (_PyString_Resize(&res, sz * 2)) {
-					Py_DECREF(res);
+				if (_PyString_Resize(&res, sz * 2) < 0)
 					return NULL;
-				}
 				sz *= 2;
 				p = PyString_AsString(res) + reslen;
 			}
@@ -231,10 +229,7 @@ strop_joinfields(PyObject *self, PyObject *args)
 			p += slen;
 			reslen += slen;
 		}
-		if (_PyString_Resize(&res, reslen)) {
-			Py_DECREF(res);
-			res = NULL;
-		}
+		_PyString_Resize(&res, reslen);
 		return res;
 	}
 
@@ -257,8 +252,7 @@ strop_joinfields(PyObject *self, PyObject *args)
 		}
 		slen = PyString_GET_SIZE(item);
 		while (reslen + slen + seplen >= sz) {
-			if (_PyString_Resize(&res, sz * 2)) {
-				Py_DECREF(res);
+			if (_PyString_Resize(&res, sz * 2) < 0) {
 				Py_DECREF(item);
 				return NULL;
 			}
@@ -275,10 +269,7 @@ strop_joinfields(PyObject *self, PyObject *args)
 		reslen += slen;
 		Py_DECREF(item);
 	}
-	if (_PyString_Resize(&res, reslen)) {
-		Py_DECREF(res);
-		res = NULL;
-	}
+	_PyString_Resize(&res, reslen);
 	return res;
 }
 
@@ -989,8 +980,8 @@ strop_translate(PyObject *self, PyObject *args)
 		return input_obj;
 	}
 	/* Fix the size of the resulting string */
-	if (inlen > 0 &&_PyString_Resize(&result, output-output_start))
-		return NULL;
+	if (inlen > 0)
+		_PyString_Resize(&result, output - output_start);
 	return result;
 }
 
diff --git a/Modules/zlibmodule.c b/Modules/zlibmodule.c
@@ -255,9 +255,8 @@ PyZlib_decompress(PyObject *self, PyObject *args)
 	    /* fall through */
 	case(Z_OK):
 	    /* need more memory */
-	    if (_PyString_Resize(&result_str, r_strlen << 1) == -1) {
+	    if (_PyString_Resize(&result_str, r_strlen << 1) < 0) {
 		inflateEnd(&zst);
-		result_str = NULL;
 		goto error;
 	    }
 	    zst.next_out = (unsigned char *)PyString_AS_STRING(result_str) \
@@ -414,10 +413,8 @@ PyZlib_objcompress(compobject *self, PyObject *args)
     /* while Z_OK and the output buffer is full, there might be more output,
        so extend the output buffer and try again */
     while (err == Z_OK && self->zst.avail_out == 0) {
-	if (_PyString_Resize(&RetVal, length << 1) == -1) {
-	    RetVal = NULL;
+	if (_PyString_Resize(&RetVal, length << 1) < 0)
 	    goto error;
-	}
 	self->zst.next_out = (unsigned char *)PyString_AS_STRING(RetVal) \
 	    + length;
 	self->zst.avail_out = length;
@@ -438,9 +435,7 @@ PyZlib_objcompress(compobject *self, PyObject *args)
 	RetVal = NULL;
 	goto error;
     }
-    if (_PyString_Resize(&RetVal,
-			 self->zst.total_out - start_total_out) < 0)
-	RetVal = NULL;
+    _PyString_Resize(&RetVal, self->zst.total_out - start_total_out);
 
  error:
     LEAVE_ZLIB
@@ -510,10 +505,8 @@ PyZlib_objdecompress(compobject *self, PyObject *args)
 	if (max_length && length > max_length)
 	    length = max_length;
 
-	if (_PyString_Resize(&RetVal, length) == -1) {
-	    RetVal = NULL;
+	if (_PyString_Resize(&RetVal, length) < 0)
 	    goto error;
-	}
 	self->zst.next_out = (unsigned char *)PyString_AS_STRING(RetVal) \
 	    + old_length;
 	self->zst.avail_out = length - old_length;
@@ -561,8 +554,7 @@ PyZlib_objdecompress(compobject *self, PyObject *args)
 	goto error;
     }
 
-    if (_PyString_Resize(&RetVal, self->zst.total_out - start_total_out) < 0)
-	RetVal = NULL;
+    _PyString_Resize(&RetVal, self->zst.total_out - start_total_out);
 
  error:
     LEAVE_ZLIB
@@ -612,10 +604,8 @@ PyZlib_flush(compobject *self, PyObject *args)
     /* while Z_OK and the output buffer is full, there might be more output,
        so extend the output buffer and try again */
     while (err == Z_OK && self->zst.avail_out == 0) {
-	if (_PyString_Resize(&RetVal, length << 1) == -1)  {
-	    RetVal = NULL;
+	if (_PyString_Resize(&RetVal, length << 1) < 0)
 	    goto error;
-	}
 	self->zst.next_out = (unsigned char *)PyString_AS_STRING(RetVal) \
 	    + length;
 	self->zst.avail_out = length;
@@ -651,8 +641,7 @@ PyZlib_flush(compobject *self, PyObject *args)
 	goto error;
     }
 
-    if (_PyString_Resize(&RetVal, self->zst.total_out - start_total_out) < 0)
-	RetVal = NULL;
+    _PyString_Resize(&RetVal, self->zst.total_out - start_total_out);
 
  error:
     LEAVE_ZLIB
diff --git a/Objects/fileobject.c b/Objects/fileobject.c
@@ -1317,9 +1317,7 @@ file_readlines(PyFileObject *f, PyObject *args)
 			goto error;
 	}
   cleanup:
-	if (big_buffer) {
-		Py_DECREF(big_buffer);
-	}
+	Py_XDECREF(big_buffer);
 	return list;
 }
 
diff --git a/Objects/stringobject.c b/Objects/stringobject.c
@@ -1869,8 +1869,8 @@ string_translate(PyStringObject *self, PyObject *args)
 		return input_obj;
 	}
 	/* Fix the size of the resulting string */
-	if (inlen > 0 &&_PyString_Resize(&result, output-output_start))
-		return NULL;
+	if (inlen > 0)
+		_PyString_Resize(&result, output - output_start);
 	return result;
 }
 
@@ -2927,7 +2927,14 @@ PyString_ConcatAndDel(register PyObject **pv, register PyObject *w)
    is only one module referencing the object.  You can also think of it
    as creating a new string object and destroying the old one, only
    more efficiently.  In any case, don't use this if the string may
-   already be known to some other part of the code... */
+   already be known to some other part of the code...
+   Note that if there's not enough memory to resize the string, the original
+   string object at *pv is deallocated, *pv is set to NULL, an "out of
+   memory" exception is set, and -1 is returned.  Else (on success) 0 is
+   returned, and the value in *pv may or may not be the same as on input.
+   As always, an extra byte is allocated for a trailing \0 byte (newsize
+   does *not* include that), and a trailing \0 byte is stored.
+*/
 
 int
 _PyString_Resize(PyObject **pv, int newsize)
diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
@@ -927,10 +927,7 @@ PyObject *PyUnicode_EncodeUTF7(const Py_UNICODE *s,
         *out++ = '-';
     }
 
-    if (_PyString_Resize(&v, out - start)) {
-        Py_DECREF(v);
-        return NULL;
-    }
+    _PyString_Resize(&v, out - start);
     return v;
 }
 
@@ -1764,7 +1761,7 @@ PyObject *unicodeescape_string(const Py_UNICODE *s,
 	    /* Resize the string if necessary */
 	    if (offset + 12 > PyString_GET_SIZE(repr)) {
 		if (_PyString_Resize(&repr, PyString_GET_SIZE(repr) + 100))
-		    goto onError;
+		    return NULL;
 		p = PyString_AS_STRING(repr) + offset;
 	    }
 
@@ -1847,14 +1844,8 @@ PyObject *unicodeescape_string(const Py_UNICODE *s,
         *p++ = PyString_AS_STRING(repr)[1];
 
     *p = '\0';
-    if (_PyString_Resize(&repr, p - PyString_AS_STRING(repr)))
-	goto onError;
-
+    _PyString_Resize(&repr, p - PyString_AS_STRING(repr));
     return repr;
-
- onError:
-    Py_DECREF(repr);
-    return NULL;
 }
 
 PyObject *PyUnicode_EncodeUnicodeEscape(const Py_UNICODE *s,
@@ -1985,14 +1976,8 @@ PyObject *PyUnicode_EncodeRawUnicodeEscape(const Py_UNICODE *s,
             *p++ = (char) ch;
     }
     *p = '\0';
-    if (_PyString_Resize(&repr, p - q))
-	goto onError;
-
+    _PyString_Resize(&repr, p - q);
     return repr;
-
- onError:
-    Py_DECREF(repr);
-    return NULL;
 }
 
 PyObject *PyUnicode_AsRawUnicodeEscapeString(PyObject *unicode)
@@ -2092,8 +2077,7 @@ PyObject *PyUnicode_EncodeLatin1(const Py_UNICODE *p,
     }
     /* Resize if error handling skipped some characters */
     if (s - start < PyString_GET_SIZE(repr))
-	if (_PyString_Resize(&repr, s - start))
-	    goto onError;
+	_PyString_Resize(&repr, s - start);
     return repr;
 
  onError:
@@ -2240,8 +2224,7 @@ PyObject *PyUnicode_EncodeASCII(const Py_UNICODE *p,
     }
     /* Resize if error handling skipped some characters */
     if (s - start < PyString_GET_SIZE(repr))
-	if (_PyString_Resize(&repr, s - start))
-	    goto onError;
+	_PyString_Resize(&repr, s - start);
     return repr;
 
  onError:
@@ -2588,12 +2571,11 @@ PyObject *PyUnicode_EncodeCharmap(const Py_UNICODE *p,
 	Py_DECREF(x);
     }
     if (s - PyString_AS_STRING(v) < PyString_GET_SIZE(v))
-	if (_PyString_Resize(&v, (int)(s - PyString_AS_STRING(v))))
-	    goto onError;
+	_PyString_Resize(&v, (int)(s - PyString_AS_STRING(v)));
     return v;
 
  onError:
-    Py_DECREF(v);
+    Py_XDECREF(v);
     return NULL;
 }
 
diff --git a/Python/bltinmodule.c b/Python/bltinmodule.c
@@ -1993,8 +1993,8 @@ filterstring(PyObject *func, PyObject *strobj)
 		Py_DECREF(item);
 	}
 
-	if (j < len && _PyString_Resize(&result, j) < 0)
-		return NULL;
+	if (j < len)
+		_PyString_Resize(&result, j);
 
 	return result;
 

Original file line number	Diff line number	Diff line change
`@@ -331,8 +331,8 @@ static PyObject PySSL_SSLread(PySSLObject self, PyObject *args)`
`331`	`331`	`Py_DECREF(buf);`
`332`	`332`	`return PySSL_SetError(self, count);`
`333`	`333`	`}`
`334`		`- if (count != len && _PyString_Resize(&buf, count) < 0)`
`335`		`- return NULL;`
	`334`	`+ if (count != len)`
	`335`	`+ _PyString_Resize(&buf, count);`
`336`	`336`	`return buf;`
`337`	`337`	`}`
`338`	`338`
Original file line number	Diff line number	Diff line change
`@@ -1252,14 +1252,8 @@ modified_EncodeRawUnicodeEscape(const Py_UNICODE *s, int size)`
`1252`	`1252`	`*p++ = (char) ch;`
`1253`	`1253`	`}`
`1254`	`1254`	`*p = '\0';`
`1255`		`- if (_PyString_Resize(&repr, p - q))`
`1256`		`- goto onError;`
`1257`		`-`
	`1255`	`+ _PyString_Resize(&repr, p - q);`
`1258`	`1256`	`return repr;`
`1259`		`-`
`1260`		`- onError:`
`1261`		`- Py_DECREF(repr);`
`1262`		`- return NULL;`
`1263`	`1257`	`}`
`1264`	`1258`
`1265`	`1259`
Original file line number	Diff line number	Diff line change
`@@ -251,8 +251,7 @@ CD_readda(cdplayerobject self, PyObject args)`
`251`	`251`	`return NULL;`
`252`	`252`	`}`
`253`	`253`	`if (n < numframes)`
`254`		`- if (_PyString_Resize(&result, n * sizeof(CDFRAME)))`
`255`		`- return NULL;`
	`254`	`+ _PyString_Resize(&result, n * sizeof(CDFRAME));`
`256`	`255`
`257`	`256`	`return result;`
`258`	`257`	`}`
Original file line number	Diff line number	Diff line change
`@@ -135,8 +135,7 @@ cl_CompressImage(PyObject self, PyObject args)`
`135`	`135`	`}`
`136`	`136`
`137`	`137`	`if (compressedBufferSize < frameBufferSize)`
`138`		`- if (_PyString_Resize(&compressedBuffer, compressedBufferSize))`
`139`		`- return NULL;`
	`138`	`+ _PyString_Resize(&compressedBuffer, compressedBufferSize);`
`140`	`139`
`141`	`140`	`return compressedBuffer;`
`142`	`141`	`}`
Original file line number	Diff line number	Diff line change
`@@ -158,8 +158,7 @@ lad_read(lad_t self, PyObject args)`
`158`	`158`	`return NULL;`
`159`	`159`	`}`
`160`	`160`	`self->x_icount += count;`
`161`		`- if (_PyString_Resize(&rv, count) == -1)`
`162`		`- return NULL;`
	`161`	`+ _PyString_Resize(&rv, count);`
`163`	`162`	`return rv;`
`164`	`163`	`}`
`165`	`164`
Original file line number	Diff line number	Diff line change
`@@ -516,11 +516,8 @@ symcomp(PyObject pattern, PyObject gdict)`
`516`	`516`	`return NULL;`
`517`	`517`	`}`
`518`	`518`	`/* _PyString_Resize() decrements npattern on failure */`
`519`		`- if (_PyString_Resize(&npattern, n - v) == 0)`
`520`		`- return npattern;`
`521`		`- else {`
`522`		`- return NULL;`
`523`		`- }`
	`519`	`+ _PyString_Resize(&npattern, n - v);`
	`520`	`+ return npattern;`
`524`	`521`
`525`	`522`	`}`
`526`	`523`
Original file line number	Diff line number	Diff line change
`@@ -1402,8 +1402,8 @@ PySocketSock_recv(PySocketSockObject s, PyObject args)`
`1402`	`1402`	`Py_DECREF(buf);`
`1403`	`1403`	`return s->errorhandler();`
`1404`	`1404`	`}`
`1405`		`- if (n != len && _PyString_Resize(&buf, n) < 0)`
`1406`		`- return NULL;`
	`1405`	`+ if (n != len)`
	`1406`	`+ _PyString_Resize(&buf, n);`
`1407`	`1407`	`return buf;`
`1408`	`1408`	`}`
`1409`	`1409`
Original file line number	Diff line number	Diff line change
`@@ -215,10 +215,8 @@ strop_joinfields(PyObject self, PyObject args)`
`215`	`215`	`}`
`216`	`216`	`slen = PyString_GET_SIZE(item);`
`217`	`217`	`while (reslen + slen + seplen >= sz) {`
`218`		`- if (_PyString_Resize(&res, sz * 2)) {`
`219`		`- Py_DECREF(res);`
	`218`	`+ if (_PyString_Resize(&res, sz * 2) < 0)`
`220`	`219`	`return NULL;`
`221`		`- }`
`222`	`220`	`sz *= 2;`
`223`	`221`	`p = PyString_AsString(res) + reslen;`
`224`	`222`	`}`
`@@ -231,10 +229,7 @@ strop_joinfields(PyObject self, PyObject args)`
`231`	`229`	`p += slen;`
`232`	`230`	`reslen += slen;`
`233`	`231`	`}`
`234`		`- if (_PyString_Resize(&res, reslen)) {`
`235`		`- Py_DECREF(res);`
`236`		`- res = NULL;`
`237`		`- }`
	`232`	`+ _PyString_Resize(&res, reslen);`
`238`	`233`	`return res;`
`239`	`234`	`}`
`240`	`235`
`@@ -257,8 +252,7 @@ strop_joinfields(PyObject self, PyObject args)`
`257`	`252`	`}`
`258`	`253`	`slen = PyString_GET_SIZE(item);`
`259`	`254`	`while (reslen + slen + seplen >= sz) {`
`260`		`- if (_PyString_Resize(&res, sz * 2)) {`
`261`		`- Py_DECREF(res);`
	`255`	`+ if (_PyString_Resize(&res, sz * 2) < 0) {`
`262`	`256`	`Py_DECREF(item);`
`263`	`257`	`return NULL;`
`264`	`258`	`}`
`@@ -275,10 +269,7 @@ strop_joinfields(PyObject self, PyObject args)`
`275`	`269`	`reslen += slen;`
`276`	`270`	`Py_DECREF(item);`
`277`	`271`	`}`
`278`		`- if (_PyString_Resize(&res, reslen)) {`
`279`		`- Py_DECREF(res);`
`280`		`- res = NULL;`
`281`		`- }`
	`272`	`+ _PyString_Resize(&res, reslen);`
`282`	`273`	`return res;`
`283`	`274`	`}`
`284`	`275`
`@@ -989,8 +980,8 @@ strop_translate(PyObject self, PyObject args)`
`989`	`980`	`return input_obj;`
`990`	`981`	`}`
`991`	`982`	`/* Fix the size of the resulting string */`
`992`		`- if (inlen > 0 &&_PyString_Resize(&result, output-output_start))`
`993`		`- return NULL;`
	`983`	`+ if (inlen > 0)`
	`984`	`+ _PyString_Resize(&result, output - output_start);`
`994`	`985`	`return result;`
`995`	`986`	`}`
`996`	`987`