| 4556e7e | Martin v. Löwis | 19 December 2008, 15:02:52 UTC | Prepare for 2.4.6. | 19 December 2008, 15:02:52 UTC |
| bc160b7 | Matthias Klose | 16 December 2008, 13:12:32 UTC | - Mention CVE-2008-5031 in issue #4469. | 16 December 2008, 13:12:32 UTC |
| 8578803 | Martin v. Löwis | 13 December 2008, 22:31:31 UTC | Add 2.4.6 final section. | 13 December 2008, 22:31:31 UTC |
| 3873dbd | Martin v. Löwis | 13 December 2008, 13:37:28 UTC | Tagging for release of Python 2.4.6c1 | 13 December 2008, 13:37:28 UTC |
| 3b9c0f4 | Martin v. Löwis | 13 December 2008, 13:37:04 UTC | Add 2.4.6 uuids. | 13 December 2008, 13:37:04 UTC |
| cc4e066 | Martin v. Löwis | 13 December 2008, 13:34:10 UTC | Prepare for 2.4.6c1. | 13 December 2008, 13:34:10 UTC |
| 9b8de84 | Martin v. Löwis | 13 December 2008, 13:20:46 UTC | Backported r55839 and r61350 Issue #4469: Prevent expandtabs() on string and unicode objects from causing a segfault when a large width is passed on 32-bit platforms. | 13 December 2008, 13:20:46 UTC |
| aec20a6 | Matthias Klose | 30 November 2008, 13:33:28 UTC | - Tools/faqwiz/move-faqwiz.sh: Fix unsecure use of temporary files. | 30 November 2008, 13:33:28 UTC |
| a5f3ceb | Amaury Forgeot d'Arc | 18 November 2008, 22:49:39 UTC | #4317: Fix an Array Bounds Read in imageop.rgb2rgb8. Backport of r67266 | 18 November 2008, 22:49:39 UTC |
| 900fb20 | Benjamin Peterson | 17 November 2008, 23:37:34 UTC | update svn:ignore here | 17 November 2008, 23:37:34 UTC |
| 38ce9c2 | Benjamin Peterson | 17 November 2008, 23:27:02 UTC | backport the security fix part of r67246 | 17 November 2008, 23:27:02 UTC |
| 3a87f93 | Matthias Klose | 12 November 2008, 07:29:23 UTC | - Security Issue #2: imageop did not validate arguments correctly and could segfault as a result. CVE-2008-4864. backport r66689 | 12 November 2008, 07:29:23 UTC |
| b7cfda1 | Matthias Klose | 12 November 2008, 07:21:52 UTC | - Issue #2587: In the C API, PyString_FromStringAndSize() takes a signed size parameter but was not verifying that it was greater than zero. Values less than zero will now raise a SystemError and return NULL to indicate a bug in the calling C code. CVE-2008-1887. backport r62261, r62271 | 12 November 2008, 07:21:52 UTC |
| 8af5d57 | Matthias Klose | 12 November 2008, 07:08:51 UTC | - Issues #2588, #2589: Fix potential integer underflow and overflow conditions in the PyOS_vsnprintf C API function. CVE-2008-3144. | 12 November 2008, 07:08:51 UTC |
| 01feb5a | Matthias Klose | 12 November 2008, 07:02:24 UTC | - Issue #2586: Fix CVE-2008-1721, zlib crash from zlib.decompressobj().flush(val) when val is not positive. | 12 November 2008, 07:02:24 UTC |
| 8ad5f45 | Matthias Klose | 12 November 2008, 06:54:33 UTC | - Issue #1179: Fix CVE-2007-4965 and CVE-2008-1679, multiple integer overflows in the imageop and rgbimgmodule modules. | 12 November 2008, 06:54:33 UTC |
| 1596ed9 | Matthias Klose | 12 November 2008, 06:48:00 UTC | - Moved entries added after the 2.4.5 release to a new 2.4.6. entry. | 12 November 2008, 06:48:00 UTC |
| b93d7d5 | Neal Norwitz | 31 July 2008, 17:04:32 UTC | Security patches from Apple: prevent int overflow when allocating memory | 31 July 2008, 17:04:32 UTC |
| 46b3a79 | Neal Norwitz | 28 July 2008, 05:22:45 UTC | Backport r65182. This change modified from using the unsigned max value to the signed max value similar to 2.5 and trunk. Issue #2620: Overflow checking when allocating or reallocating memory was not always being done properly in some python types and extension modules. PyMem_MALLOC, PyMem_REALLOC, PyMem_NEW and PyMem_RESIZE have all been updated to perform better checks and places in the code that would previously leak memory on the error path when such an allocation failed have been fixed. | 28 July 2008, 05:22:45 UTC |
| 5cdbf77 | Martin v. Löwis | 11 March 2008, 18:01:21 UTC | Tag 2.4.5. | 11 March 2008, 18:01:21 UTC |
| 50d55ff | Martin v. Löwis | 11 March 2008, 17:59:53 UTC | Prepare for 2.4.5 | 11 March 2008, 17:59:53 UTC |
| d487aa1 | Martin v. Löwis | 02 March 2008, 19:34:25 UTC | Tagging for release of Python 2.4.5c1 | 02 March 2008, 19:34:25 UTC |
| ae1c290 | Martin v. Löwis | 02 March 2008, 19:33:40 UTC | Prepare for 2.4.5c1 | 02 March 2008, 19:33:40 UTC |
| c8ed4ff | Martin v. Löwis | 02 March 2008, 19:20:32 UTC | Backport of r60793: Added checks for integer overflows, contributed by Google. Some are only available if asserts are left in the code, in cases where they can't be triggered from Python code. | 02 March 2008, 19:20:32 UTC |
| 0cc3ea6 | Martin v. Löwis | 02 March 2008, 17:47:51 UTC | Revert the following revisions, as they don't fix security problems: 52448, 52468, 52472, 52475, 52646, 52797, 52802, 52863, 52999, 53001, 53101, 53371, 53373, 53383, 53384, 53736, 53812, 53921, 55578, 55580, 55581, 55772, 55775, 56557, 57093, 57094, 58630, 60114 | 02 March 2008, 17:47:51 UTC |
| 0e42f0e | Gregory P. Smith | 19 January 2008, 22:35:09 UTC | Backport r60104 + r60111 from trunk. - Issue #1336: fix a race condition in subprocess.Popen if the garbage collector kicked in at the wrong time that would cause the process to hang when the child wrote to stderr. | 19 January 2008, 22:35:09 UTC |
| 80ebe95 | Vinay Sajip | 24 October 2007, 10:51:23 UTC | Bug #1321: Fixed logic error in TimedRotatingFileHandler.__init__() | 24 October 2007, 10:51:23 UTC |
| 85375ee | Matthias Klose | 16 August 2007, 12:00:18 UTC | - mark the findCaller 2-element tuple/3-element tuple change as new in 2.4 | 16 August 2007, 12:00:18 UTC |
| 042e514 | Matthias Klose | 16 August 2007, 11:26:06 UTC | - fix build error with the findCaller backport | 16 August 2007, 11:26:06 UTC |
| 01b20ec | Martin v. Löwis | 03 August 2007, 04:50:46 UTC | Add uuids for upcoming 2.4.5 release. | 03 August 2007, 04:50:46 UTC |
| 6906f93 | Ronald Oussoren | 26 July 2007, 21:31:09 UTC | MacOS build script: - be more strict about the build environment - update some of the 3th party libraries (later patchlevels) | 26 July 2007, 21:31:09 UTC |
| ac90ca8 | Hye-Shik Chang | 05 June 2007, 19:28:15 UTC | Fix for Windows: close a temporary file before trying to delete it. | 05 June 2007, 19:28:15 UTC |
| bc7902f | Hye-Shik Chang | 05 June 2007, 19:02:59 UTC | (Backport from r55770) Bug #1728403: Fix a bug that CJKCodecs StreamReader hangs when it reads a file that ends with incomplete sequence and sizehint argument for .read() is specified. | 05 June 2007, 19:02:59 UTC |
| 1eb58d8 | Vinay Sajip | 25 May 2007, 07:26:26 UTC | Updated documentation for SysLogHandler (#1720726). | 25 May 2007, 07:26:26 UTC |
| 8ceecd3 | Vinay Sajip | 25 May 2007, 07:22:57 UTC | Updated documentation for SysLogHandler (#1720726). | 25 May 2007, 07:22:57 UTC |
| 26e2439 | Vinay Sajip | 25 May 2007, 07:17:37 UTC | Updated findCaller documentation. | 25 May 2007, 07:17:37 UTC |
| 05d9f30 | Georg Brandl | 15 May 2007, 20:19:42 UTC | HTML-escape the plain traceback in cgitb's HTML output, to prevent the traceback inadvertently or maliciously closing the comment and injecting HTML into the error page. (backport from rev. 55348) | 15 May 2007, 20:19:42 UTC |
| 0c0d949 | Thomas Wouters | 25 February 2007, 22:15:53 UTC | Backported r51621 from p3yk: Don't use a fixed temporary name (gdbm). Don't use our own temp name creation (dbm). | 25 February 2007, 22:15:53 UTC |
| 0454bc2 | Vinay Sajip | 17 February 2007, 01:39:17 UTC | Minor fix for currentframe (SF #1652788). | 17 February 2007, 01:39:17 UTC |
| fd8367f | Skip Montanaro | 11 February 2007, 18:37:54 UTC | backport: fix trace.py --ignore-dir | 11 February 2007, 18:37:54 UTC |
| 1e42ab6 | Thomas Wouters | 23 January 2007, 15:09:19 UTC | Backport trunk revision 53527: SF patch #1630975: Fix crash when replacing sys.stdout in sitecustomize When running the interpreter in an environment that would cause it to set stdout/stderr/stdin's encoding, having a sitecustomize that would replace them with something other than PyFile objects would crash the interpreter. Fix it by simply ignoring the encoding-setting for non-files. This could do with a test, but I can think of no maintainable and portable way to test this bug, short of adding a sitecustomize.py to the buildsystem and have it always run with it (hmmm....) | 23 January 2007, 15:09:19 UTC |
| 741e0bb | Vinay Sajip | 11 January 2007, 20:26:05 UTC | Fixed bug in fileConfig where _handlerList was not being cleared. (SF #1632328) | 11 January 2007, 20:26:05 UTC |
| e518551 | Vinay Sajip | 11 January 2007, 20:08:56 UTC | Backported change in shutdown(); now takes an optional handler-list argument. | 11 January 2007, 20:08:56 UTC |
| 1223a40 | Matthias Klose | 11 January 2007, 11:40:28 UTC | - idle: Honor the "Cancel" action in the save dialog (Debian bug #299092). | 11 January 2007, 11:40:28 UTC |
| dbc6826 | Matthias Klose | 11 January 2007, 10:27:33 UTC | - Make the documentation match the code and the docstring | 11 January 2007, 10:27:33 UTC |
| 7c6e470 | Raymond Hettinger | 20 December 2006, 08:23:39 UTC | Bug #1590891: random.randrange don't return correct value for big number | 20 December 2006, 08:23:39 UTC |
| ddf3da8 | Vinay Sajip | 11 December 2006, 14:33:45 UTC | Patch by "cuppatea" (SF #1503765) | 11 December 2006, 14:33:45 UTC |
| e22f261 | Vinay Sajip | 11 December 2006, 14:09:34 UTC | Patch by Jeremy Katz (SF #1609407) | 11 December 2006, 14:09:34 UTC |
| eff853c | Armin Rigo | 29 November 2006, 22:07:38 UTC | Backport of r52862. | 29 November 2006, 22:07:38 UTC |
| 33d34e7 | Andrew M. Kuchling | 20 November 2006, 13:40:10 UTC | Jython compatibility fix: if uu.decode() opened its output file, be sure to close it. | 20 November 2006, 13:40:10 UTC |
| 0866c8b | Andrew M. Kuchling | 20 November 2006, 13:31:28 UTC | Add extra SHA tests | 20 November 2006, 13:31:28 UTC |
| ce7cc4c | Ronald Oussoren | 07 November 2006, 15:56:07 UTC | backport of revision 52644 | 07 November 2006, 15:56:07 UTC |
| d8df714 | Andrew M. Kuchling | 27 October 2006, 14:55:11 UTC | Point users to the subprocess module in the docs for os.system, os.spawn*, os.popen2, and the popen2 and commands modules | 27 October 2006, 14:55:11 UTC |
| 40e0d6f | Andrew M. Kuchling | 27 October 2006, 13:36:16 UTC | [Bug #1542016] Report PCALL_POP value. This makes the return value of sys.callstats() match its docstring. | 27 October 2006, 13:36:16 UTC |
| c08018a | Andrew M. Kuchling | 27 October 2006, 13:34:05 UTC | Add sections for a hypothetical future 2.4.5 release | 27 October 2006, 13:34:05 UTC |
| a9e85bd | Andrew M. Kuchling | 27 October 2006, 13:07:10 UTC | [Bug #1562583] Mention the set_reuse_addr() method | 27 October 2006, 13:07:10 UTC |
| e250562 | Andrew M. Kuchling | 26 October 2006, 19:11:42 UTC | [Bug #1579796] Wrong syntax for PyDateTime_IMPORT in documentation. Reported by David Faure. | 26 October 2006, 19:11:42 UTC |
| 2e96ffc | Anthony Baxter | 18 October 2006, 07:03:14 UTC | Tagging for release of Python 2.4.4 | 18 October 2006, 07:03:14 UTC |
| 8022fee | Anthony Baxter | 18 October 2006, 07:02:36 UTC | regenerating tag. | 18 October 2006, 07:02:36 UTC |
| b499eec | Martin v. Löwis | 18 October 2006, 06:50:22 UTC | Bump buildno for 2.4.4. | 18 October 2006, 06:50:22 UTC |
| 0d15557 | Anthony Baxter | 18 October 2006, 05:13:30 UTC | Tagging for release of Python 2.4.4 | 18 October 2006, 05:13:30 UTC |
| 1fad0cd | Anthony Baxter | 17 October 2006, 16:07:57 UTC | preparing for 2.4.4 final | 17 October 2006, 16:07:57 UTC |
| 5bc27d5 | Anthony Baxter | 17 October 2006, 16:03:36 UTC | - Bug #1578513: Cross compilation was broken by a change to configure. Repair so that it's back to how it was in 2.4.3. Needs to be forward-ported to 2.5 branch and trunk. | 17 October 2006, 16:03:36 UTC |
| 2d3814e | Anthony Baxter | 11 October 2006, 04:32:52 UTC | Tagging for release of Python 2.4.4c1 | 11 October 2006, 04:32:52 UTC |
| 84332f9 | Anthony Baxter | 10 October 2006, 17:28:33 UTC | what month is it again? I get confused... | 10 October 2006, 17:28:33 UTC |
| 126ba44 | Anthony Baxter | 10 October 2006, 16:44:16 UTC | preparing for 2.4.4c1 | 10 October 2006, 16:44:16 UTC |
| 8bc45db | Anthony Baxter | 10 October 2006, 16:43:06 UTC | note the previous checkin | 10 October 2006, 16:43:06 UTC |
| c5e1e15 | Tim Peters | 10 October 2006, 16:42:09 UTC | Note that there are no longer warnings when building _bsddb on Windows (Martin recently repaired that -- thanks!). | 10 October 2006, 16:42:09 UTC |
| 3d62ffe | Anthony Baxter | 10 October 2006, 16:20:41 UTC | Backport 50567 #1494314: Fix a regression with high-numbered sockets in 2.4.3. This means that select() on sockets > FD_SETSIZE (typically 1024) work again. The patch makes sockets use poll() internally where available. | 10 October 2006, 16:20:41 UTC |
| ad7dd88 | Martin v. Löwis | 10 October 2006, 13:50:39 UTC | Ignore libcmt, not msvcrt. | 10 October 2006, 13:50:39 UTC |
| f46d5d3 | Anthony Baxter | 10 October 2006, 08:10:42 UTC | Update distutils version number to match the library version number | 10 October 2006, 08:10:42 UTC |
| 6f2b80d | Ronald Oussoren | 10 October 2006, 07:53:36 UTC | fix permission problem in the generated installer | 10 October 2006, 07:53:36 UTC |
| 0af9b87 | Tim Peters | 09 October 2006, 23:37:58 UTC | Backport rev 51262 from trunk -- squashes a compiler warning on Windows about truly wrong code. Checkin comment from 51262: Can't return NULL from a void function. If there is a memory error, about the best we can do is call PyErr_WriteUnraisable and go on. We won't be able to do the call below either, so verify delstr is valid. | 09 October 2006, 23:37:58 UTC |
| 99887e1 | Tim Peters | 09 October 2006, 23:18:44 UTC | Move fetching of encoding test files from the end of the Windows builbot's "build" step to the start of its "test" step. This is poke-and-hope. The hope is that compilation failures on Windows will become visible to the buildbot (bsddb has apparently been failing to compile in 2.4 on Windows "for some time" now, but the buildbots haven't noticed that). | 09 October 2006, 23:18:44 UTC |
| 2b37ea4 | Tim Peters | 09 October 2006, 20:24:45 UTC | Backport of the pieces of trunk rev 46589 relevant to fixing an unlikely crash bug in dict resizing, SF bug 1456209. The rest of rev 46589 changes whether Python suppresses exceptions during some dict-related comparisons. While I think that's a good idea, it does change visible behavior at times, and there was already some complaining about that on the trunk. Not a good idea for backporting. The part of 46589 checked in here can at worst stop segfaults, and I doubt anyone will gripe about that ;-) | 09 October 2006, 20:24:45 UTC |
| b8f82e6 | Martin v. Löwis | 09 October 2006, 19:29:06 UTC | Backport r45505, r45573, r45576 - reset errno before calling confstr - use confstr() doc to simplify checks afterwards - Correct implementation and documentation of os.confstr. Add a simple test case. I've yet to figure out how to provoke a None return I can test. - Address issues brought up by MvL on python-checkins. I tested this with valgrind on amd64. The man pages I found for diff architectures are inconsistent on this. I'm not entirely sure this change is correct for all architectures either. Perhaps we should just over-allocate and not worry about it? The change to return None instead of "" in case of unconfigured values has not been backported. | 09 October 2006, 19:29:06 UTC |
| 2fafa25 | Andrew M. Kuchling | 09 October 2006, 18:42:49 UTC | [Partial backport of r45947 | neal.norwitz] Fix problems found by Coverity. longobject.c: also fix an ssize_t problem <a> could have been NULL, so hoist the size calc to not use <a>. [The ssize_t change isn't needed for 2.4. The other changes in this revision are to modules not present in 2.4. --amk] | 09 October 2006, 18:42:49 UTC |
| cebdc5e | Andrew M. Kuchling | 09 October 2006, 18:30:13 UTC | [Partial backport of r45947 | neal.norwitz] Fix problems found by Coverity. _ssl.c: under fail: self is DECREF'd, but it would have been NULL. _csv.c: I'm not sure if lineterminator could have been anything other than a string. However, other string method calls are checked, so check this one too. | 09 October 2006, 18:30:13 UTC |
| e0235ae | Andrew M. Kuchling | 09 October 2006, 18:19:01 UTC | [Backport r42951 | guido.van.rossum] Fix three nits found by Coverity, adding null checks and comments. [This commit only makes two changes. One change in the original patch is just adding a comment, and another adds a 'base != NULL' check to silence Coverity, but a comment adds that that base is never going to be NULL. I didn't backport that change. --amk] | 09 October 2006, 18:19:01 UTC |
| 2a3d88c | Andrew M. Kuchling | 09 October 2006, 17:15:39 UTC | [Bug #1545341] Let the 'classifiers' parameter be a tuple as well as a list. | 09 October 2006, 17:15:39 UTC |
| c881bb9 | Ronald Oussoren | 08 October 2006, 18:20:10 UTC | Backport of r52238 | 08 October 2006, 18:20:10 UTC |
| 2dfc23d | Ronald Oussoren | 08 October 2006, 17:43:31 UTC | Backport of missing part of r52229 | 08 October 2006, 17:43:31 UTC |
| 392cafb | Ronald Oussoren | 08 October 2006, 17:41:25 UTC | Port of universal binary support for Mac OSX from python 2.5. This takes away the need for the out-of-tree universal binary support that was used to build the 2.4.3 installer. Missing here relative to that tree are some changes to IDLE, IMHO those patches aren't appropriate for the 2.4 branch and users are better of using 2.5's IDLE. | 08 October 2006, 17:41:25 UTC |
| 16ca35a | Hye-Shik Chang | 08 October 2006, 14:24:26 UTC | Move an old news entry about cjkcodecs to the right place; "Extension Modules". | 08 October 2006, 14:24:26 UTC |
| 2d09be9 | Hye-Shik Chang | 08 October 2006, 13:56:00 UTC | Backport from trunk r52223: Bug #1572832: fix a bug in ISO-2022 codecs which may cause segfault when encoding non-BMP unicode characters. (Submitted by Ray Chason) | 08 October 2006, 13:56:00 UTC |
| 78754c1 | Andrew M. Kuchling | 06 October 2006, 19:26:14 UTC | [Backport r43695 | neal.norwitz] Remove dead code (reported by HP compiler). Can probably be backported if anyone cares. | 06 October 2006, 19:26:14 UTC |
| bec63ce | Andrew M. Kuchling | 06 October 2006, 19:09:36 UTC | [Backport r46044 | neal.norwitz] Fix #132 from Coverity, retval could have been derefed if a continue inside a try failed. | 06 October 2006, 19:09:36 UTC |
| 5e27a6c | Andrew M. Kuchling | 06 October 2006, 18:59:10 UTC | [Backport r46602 | neal.norwitz] Patch #1357836: Prevent an invalid memory read from test_coding in case the done flag is set. In that case, the loop isn't entered. I wonder if rather than setting the done flag in the cases before the loop, if they should just exit early. This code looks like it should be refactored. Backport candidate (also the early break above if decoding_fgets fails) | 06 October 2006, 18:59:10 UTC |
| 08d7a49 | Andrew M. Kuchling | 06 October 2006, 10:38:10 UTC | Case fixes | 06 October 2006, 10:38:10 UTC |
| 5cef0bb | Martin v. Löwis | 06 October 2006, 07:01:45 UTC | Add user32.lib to the libraries. Fixes #1571023. | 06 October 2006, 07:01:45 UTC |
| d176806 | Fred Drake | 06 October 2006, 00:02:58 UTC | - update links - remove Sleepycat name now that they have been bought | 06 October 2006, 00:02:58 UTC |
| 15db383 | Martin v. Löwis | 05 October 2006, 20:04:53 UTC | Include sgml_input.html. | 05 October 2006, 20:04:53 UTC |
| 3e35669 | Andrew M. Kuchling | 05 October 2006, 19:42:49 UTC | [Backport r50679 | neal.norwitz. This is the last Klocwork bug to be backported.] Use sizeof(buffer) instead of duplicating the constants to ensure they won't be wrong. The real change is to pass (bufsz - 1) to PyOS_ascii_formatd and 1 to strncat. strncat copies n+1 bytes from src (not dest). Reported by Klocwork #58. | 05 October 2006, 19:42:49 UTC |
| 32f378b | Andrew M. Kuchling | 05 October 2006, 19:38:17 UTC | [Backport r50681 | neal.norwitz] PyFunction_SetDefaults() is documented as taking None or a tuple. A NULL would crash the PyTuple_Check(). Now make NULL return a SystemError. Reported by Klocwork #73. | 05 October 2006, 19:38:17 UTC |
| 20cc6be | Andrew M. Kuchling | 05 October 2006, 19:32:52 UTC | [Backport r51222 | neal.norwitz -- if you hack the code to set r=NULL, you find that Python does print "MemoryError". There's no traceback and no indication of which line of code is responsible, but it's better than a segfault.] Handle NULL nodes while parsing. I'm not entirely sure this is correct. There might be something else that needs to be done to setup the error. Klocwork #295. | 05 October 2006, 19:32:52 UTC |
| 6d0bc3e | Andrew M. Kuchling | 05 October 2006, 19:25:26 UTC | [Backport r51246 | neal.norwitz] Handle a whole lot of failures from PyString_FromInternedString(). Should fix most of Klocwork 234-272. [Backport r51400 | neal.norwitz] Move initialization of interned strings to before allocating the object so we don't leak op. (Fixes an earlier patch to this code) Klockwork #350 | 05 October 2006, 19:25:26 UTC |
| 154a884 | Andrew M. Kuchling | 05 October 2006, 19:08:30 UTC | [Backport r51221 | neal.norwitz -- the original commit message is wrong; this code is only used if WITHOUT_COMPLEX is *not* defined, which is the common case for Python builds.] This code is actually not used unless WITHOUT_COMPLEX is defined. However, there was no error checking that PyFloat_FromDouble returned a valid pointer. I believe this change is correct as it seemed to follow other code in the area. Klocwork # 292. | 05 October 2006, 19:08:30 UTC |
| 720ea07 | Andrew M. Kuchling | 05 October 2006, 19:01:50 UTC | [Backport r51220 | neal.norwitz] It's highly unlikely, though possible for PyEval_Get*() to return NULLs. So be safe and do an XINCREF. Klocwork # 221-222. | 05 October 2006, 19:01:50 UTC |
| e67841f | Andrew M. Kuchling | 05 October 2006, 18:57:54 UTC | [Backport r50685 | neal.norwitz] Reported by Klocwork #151. v2 can be NULL if exception2 is NULL. I don't think that condition can happen, but I'm not sure it can't either. Now the code will protect against either being NULL. | 05 October 2006, 18:57:54 UTC |
| da604c1 | Andrew M. Kuchling | 05 October 2006, 18:49:36 UTC | [Backport r50783 | neal.norwitz. The bytes_left code is complicated, but looks correct on a casual inspection and hasn't been modified in the trunk. Does anyone want to review further?] Ensure we don't write beyond errText. I think I got this right, but it definitely could use some review to ensure I'm not off by one and there's no possible overflow/wrap-around of bytes_left. Reported by Klocwork #1. Fix a problem if there is a failure allocating self->db. Found with failmalloc. | 05 October 2006, 18:49:36 UTC |
