Merge pull request #197 from maxmind/greg/eng-1832

horgh · web-flow · commit e6e8398f0dc2 · 2025-05-05T11:50:28.000-07:00
Correctly handle null check of entry_data_list
diff --git a/.github/workflows/clang-analyzer.yml b/.github/workflows/clang-analyzer.yml
@@ -28,14 +28,12 @@ jobs:
           python-version: 3.13
 
       - name: Install dependencies
-        run: |
-              python -m pip install --upgrade pip
-              pip install setuptools wheel
+        run: python -m pip install uv
 
       - name: Build and run analyzer
         # We exclude extension/libmaxminddb/ as libmaxminddb has its own workflow
         # for this and we are not able to correct any issues with that code here.
-        run: scan-build --exclude extension/libmaxminddb/ --status-bugs python setup.py build
+        run: scan-build --exclude extension/libmaxminddb/ --status-bugs uv build
         env:
           CFLAGS: "-Werror -Wall -Wextra"
           MAXMINDDB_REQUIRE_EXTENSION: 1
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -48,11 +48,9 @@ jobs:
     #    uses a compiled language
 
     - name: Install dependencies
-      run: |
-            python -m pip install --upgrade pip
-            pip install setuptools wheel
+      run: python -m pip install uv
 
-    - run: python setup.py build
+    - run: uv build
       env:
         MAXMINDDB_REQUIRE_EXTENSION: 1
 
diff --git a/.github/workflows/test-libmaxminddb.yml b/.github/workflows/test-libmaxminddb.yml
@@ -40,7 +40,7 @@ jobs:
       - name: Install dependencies
         run: |
               python -m pip install --upgrade pip
-              pip install setuptools tox tox-gh-actions wheel
+              pip install setuptools tox tox-gh-actions uv wheel
 
 
       - name: Install libmaxminddb
@@ -58,7 +58,7 @@ jobs:
           echo "LDFLAGS=-L/opt/homebrew/lib" >> "$GITHUB_ENV"
 
       - name: Build with Werror and Wall
-        run: python setup.py build
+        run: uv build
         env:
           CFLAGS: "${{ env.CFLAGS }} -Werror -Wall -Wextra"
 
diff --git a/.gitignore b/.gitignore
@@ -4,6 +4,7 @@
 *.so
 *.sw?
 *~
+.clangd
 .coverage
 .eggs
 .idea
diff --git a/HISTORY.rst b/HISTORY.rst
@@ -11,6 +11,8 @@ History
 * The vendored ``libmaxminddb`` has been updated to 1.12.2.
 * The C extension now checks that the database metadata lookup was
   successful.
+* A theoretical segmentation fault with the C extension when doing lookups
+  on a corrupt or invalid database was fixed.
 
 2.6.3 (2025-01-09)
 ++++++++++++++++++
diff --git a/extension/maxminddb.c b/extension/maxminddb.c
@@ -751,10 +751,7 @@ static PyObject *from_map(MMDB_entry_data_list_s **entry_data_list) {
     const uint32_t map_size = (*entry_data_list)->entry_data.data_size;
 
     uint32_t i;
-    // entry_data_list cannot start out NULL (see from_entry_data_list). We
-    // check it in the loop because it may become NULL.
-    // coverity[check_after_deref]
-    for (i = 0; i < map_size && entry_data_list; i++) {
+    for (i = 0; i < map_size && *entry_data_list; i++) {
         *entry_data_list = (*entry_data_list)->next;
 
         PyObject *key = PyUnicode_FromStringAndSize(
@@ -792,10 +789,7 @@ static PyObject *from_array(MMDB_entry_data_list_s **entry_data_list) {
     }
 
     uint32_t i;
-    // entry_data_list cannot start out NULL (see from_entry_data_list). We
-    // check it in the loop because it may become NULL.
-    // coverity[check_after_deref]
-    for (i = 0; i < size && entry_data_list; i++) {
+    for (i = 0; i < size && *entry_data_list; i++) {
         *entry_data_list = (*entry_data_list)->next;
         PyObject *value = from_entry_data_list(entry_data_list);
         if (value == NULL) {
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,7 +1,3 @@
-[build-system]
-requires = ["setuptools>=68.2.2", "setuptools-scm", "wheel"]
-build-backend = "setuptools.build_meta"
-
 [project]
 name = "maxminddb"
 version = "2.6.3"
@@ -11,13 +7,12 @@ authors = [
 ]
 requires-python = ">=3.9"
 readme = "README.rst"
-license = {text = "Apache License, Version 2.0"}
+license = "Apache-2.0"
 classifiers = [
     "Development Status :: 5 - Production/Stable",
     "Environment :: Web Environment",
     "Intended Audience :: Developers",
     "Intended Audience :: System Administrators",
-    "License :: OSI Approved :: Apache Software License",
     "Programming Language :: Python",
     "Programming Language :: Python :: 3",
     "Programming Language :: Python :: 3.9",
@@ -46,6 +41,14 @@ lint = [
     "ruff>=0.11.6",
 ]
 
+[build-system]
+requires = [
+    "setuptools>=77.0.3",
+    "setuptools-scm",
+    "wheel",
+]
+build-backend = "setuptools.build_meta"
+
 [tool.setuptools.package-data]
 maxminddb = ["py.typed"]
 

-Original file line number
+Diff line change
 *.so
 *.sw?
 *~
 +.clangd
 .coverage
 .eggs
 .idea