Issue #12881: ctypes: Fix segfault with large structure field names.

meadori · meadori · commit 29f43f736811 · 2011-10-03T21:48:30.000-05:00
diff --git a/Lib/ctypes/test/test_structures.py b/Lib/ctypes/test/test_structures.py
@@ -326,6 +326,18 @@ class Person(Structure):
         else:
             self.assertEqual(msg, "(Phone) TypeError: too many initializers")
 
+    def test_huge_field_name(self):
+        # issue12881: segfault with large structure field names
+        def create_class(length):
+            class S(Structure):
+                _fields_ = [('x' * length, c_int)]
+
+        for length in [10 ** i for i in range(0, 8)]:
+            try:
+                create_class(length)
+            except MemoryError:
+                # MemoryErrors are OK, we just don't want to segfault
+                pass
 
     def get_except(self, func, *args):
         try:
diff --git a/Misc/NEWS b/Misc/NEWS
@@ -1303,6 +1303,8 @@ Tools/Demos
 Extension Modules
 -----------------
 
+- Issue #12881: ctypes: Fix segfault with large structure field names.
+
 - Issue #13058: ossaudiodev: fix a file descriptor leak on error. Patch by
   Thomas Jarosch.
 
diff --git a/Modules/_ctypes/stgdict.c b/Modules/_ctypes/stgdict.c
@@ -493,13 +493,19 @@ PyCStructUnionType_update_stgdict(PyObject *type, PyObject *fields, int isStruct
             }
 
             len = strlen(fieldname) + strlen(fieldfmt);
-            buf = alloca(len + 2 + 1);
 
+            buf = PyMem_Malloc(len + 2 + 1);
+            if (buf == NULL) {
+                Py_DECREF(pair);
+                PyErr_NoMemory();
+                return -1;
+            }
             sprintf(buf, "%s:%s:", fieldfmt, fieldname);
 
             ptr = stgdict->format;
             stgdict->format = _ctypes_alloc_format_string(stgdict->format, buf);
             PyMem_Free(ptr);
+            PyMem_Free(buf);
 
             if (stgdict->format == NULL) {
                 Py_DECREF(pair);
