
Commit 5bc6a7c

bpo-38540: Fix possible leak in PyArg_Parse for "es#" and "et#". (GH-16869)
1 parent 2eba6ad commit 5bc6a7c


2 files changed

+29
-2
lines changed

Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
Fixed possible leak in :c:func:`PyArg_Parse` and similar functions for
2+
format units ``"es#"`` and ``"et#"`` when the macro
3+
:c:macro:`PY_SSIZE_T_CLEAN` is not defined.

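--- a/Python/getargs.c
+++ b/Python/getargs.c
@@ -1199,7 +1199,19 @@ convertsimple(PyObject *arg, const char **p_format, va_list *p_va, int flags,
 trailing 0-byte
 
 */
-FETCH_SIZE;
+int *q = NULL; Py_ssize_t *q2 = NULL;
+if (flags & FLAG_SIZE_T) {
+q2 = va_arg(*p_va, Py_ssize_t*);
+}
+else {
+if (PyErr_WarnEx(PyExc_DeprecationWarning,
+"PY_SSIZE_T_CLEAN will be required for '#' formats", 1))
+{
+Py_DECREF(s);
+return NULL;
+}
+q = va_arg(*p_va, int*);
+}
 
 format++;
 if (q == NULL && q2 == NULL) {
@@ -1232,7 +1244,19 @@ convertsimple(PyObject *arg, const char **p_format, va_list *p_va, int flags,
 }
 }
 memcpy(*buffer, ptr, size+1);
-STORE_SIZE(size);
+
+if (flags & FLAG_SIZE_T) {
+*q2 = size;
+}
+else {
+if (INT_MAX < size) {
+Py_DECREF(s);
+PyErr_SetString(PyExc_OverflowError,
+"size does not fit in an int");
+return converterr("", arg, msgbuf, bufsize);
+}
+*q = (int)size;
+}
 } else {
 /* Using a 0-terminated buffer:
 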
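Review bot: The warning-failure branch in the first hunk still ends in `return NULL;`, which looks like the success return for convertsimple, since the overflow branch in the second hunk reports failure with `return converterr("", arg, msgbuf, bufsize);`. If NULL does mean success, a DeprecationWarning raised as an exception leaves the caller with a pending exception, a success result, and a length pointer that was never fetched from the va_list or written, so the caller may go on to read an unset buffer and size. I would return a non-NULL message on that path as well, e.g. `Py_DECREF(s); return converterr("", arg, msgbuf, bufsize);`. convertsimple's body starts and ends outside both hunks, so the return convention should be confirmed against the full function.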
