Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 79851d7

Browse files
serhiy-storchakaserhiy-storchaka
committed
Issue #21552: Fixed possible integer overflow of too long string lengths in
the tkinter module on 64-bit platforms.
1 parent 9f1f4f4 commit 79851d7

3 files changed

Lines changed: 64 additions & 2 deletions

File tree

Lib/test/test_tcl.py

Lines changed: 26 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -557,10 +557,35 @@ def setUp(self):
557557
@support.cpython_only
558558
@unittest.skipUnless(INT_MAX < PY_SSIZE_T_MAX, "needs UINT_MAX < SIZE_MAX")
559559
@support.bigmemtest(size=INT_MAX + 1, memuse=5, dry_run=False)
560-
def test_huge_string(self, size):
560+
def test_huge_string_call(self, size):
561561
value = ' ' * size
562562
self.assertRaises(OverflowError, self.interp.call, 'set', '_', value)
563563

564+
@support.cpython_only
565+
@unittest.skipUnless(INT_MAX < PY_SSIZE_T_MAX, "needs UINT_MAX < SIZE_MAX")
566+
@support.bigmemtest(size=INT_MAX + 1, memuse=9, dry_run=False)
567+
def test_huge_string_builtins(self, size):
568+
value = '1' + ' ' * size
569+
self.assertRaises(OverflowError, self.interp.getint, value)
570+
self.assertRaises(OverflowError, self.interp.getdouble, value)
571+
self.assertRaises(OverflowError, self.interp.getboolean, value)
572+
self.assertRaises(OverflowError, self.interp.eval, value)
573+
self.assertRaises(OverflowError, self.interp.evalfile, value)
574+
self.assertRaises(OverflowError, self.interp.record, value)
575+
self.assertRaises(OverflowError, self.interp.adderrorinfo, value)
576+
self.assertRaises(OverflowError, self.interp.setvar, value, 'x', 'a')
577+
self.assertRaises(OverflowError, self.interp.setvar, 'x', value, 'a')
578+
self.assertRaises(OverflowError, self.interp.unsetvar, value)
579+
self.assertRaises(OverflowError, self.interp.unsetvar, 'x', value)
580+
self.assertRaises(OverflowError, self.interp.adderrorinfo, value)
581+
self.assertRaises(OverflowError, self.interp.exprstring, value)
582+
self.assertRaises(OverflowError, self.interp.exprlong, value)
583+
self.assertRaises(OverflowError, self.interp.exprboolean, value)
584+
self.assertRaises(OverflowError, self.interp.splitlist, value)
585+
self.assertRaises(OverflowError, self.interp.split, value)
586+
self.assertRaises(OverflowError, self.interp.createcommand, value, max)
587+
self.assertRaises(OverflowError, self.interp.deletecommand, value)
588+
564589

565590
def setUpModule():
566591
if support.verbose:

Misc/NEWS

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,9 @@ Core and Builtins
1818
Library
1919
-------
2020

21+
- Issue #21552: Fixed possible integer overflow of too long string lengths in
22+
the tkinter module on 64-bit platforms.
23+
2124
- Issue #14315: The zipfile module now ignores extra fields in the central
2225
directory that are too short to be parsed instead of letting a struct.unpack
2326
error bubble up as this "bad data" appears in many real world zip files in

Modules/_tkinter.c

Lines changed: 35 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -861,6 +861,16 @@ static PyType_Spec PyTclObject_Type_spec = {
861861
};
862862

863863

864+
#if PY_SIZE_MAX > INT_MAX
865+
#define CHECK_STRING_LENGTH(s) do { \
866+
if (s != NULL && strlen(s) >= INT_MAX) { \
867+
PyErr_SetString(PyExc_OverflowError, "string is too long"); \
868+
return NULL; \
869+
} } while(0)
870+
#else
871+
#define CHECK_STRING_LENGTH(s)
872+
#endif
873+
864874
static Tcl_Obj*
865875
AsObj(PyObject *value)
866876
{
@@ -1279,6 +1289,7 @@ Tkapp_Eval(PyObject *self, PyObject *args)
12791289
if (!PyArg_ParseTuple(args, "s:eval", &script))
12801290
return NULL;
12811291

1292+
CHECK_STRING_LENGTH(script);
12821293
CHECK_TCL_APPARTMENT;
12831294

12841295
ENTER_TCL
@@ -1302,6 +1313,7 @@ Tkapp_EvalFile(PyObject *self, PyObject *args)
13021313
if (!PyArg_ParseTuple(args, "s:evalfile", &fileName))
13031314
return NULL;
13041315

1316+
CHECK_STRING_LENGTH(fileName);
13051317
CHECK_TCL_APPARTMENT;
13061318

13071319
ENTER_TCL
@@ -1322,9 +1334,10 @@ Tkapp_Record(PyObject *self, PyObject *args)
13221334
PyObject *res = NULL;
13231335
int err;
13241336

1325-
if (!PyArg_ParseTuple(args, "s", &script))
1337+
if (!PyArg_ParseTuple(args, "s:record", &script))
13261338
return NULL;
13271339

1340+
CHECK_STRING_LENGTH(script);
13281341
CHECK_TCL_APPARTMENT;
13291342

13301343
ENTER_TCL
@@ -1345,6 +1358,7 @@ Tkapp_AddErrorInfo(PyObject *self, PyObject *args)
13451358

13461359
if (!PyArg_ParseTuple(args, "s:adderrorinfo", &msg))
13471360
return NULL;
1361+
CHECK_STRING_LENGTH(msg);
13481362
CHECK_TCL_APPARTMENT;
13491363

13501364
ENTER_TCL
@@ -1528,6 +1542,8 @@ SetVar(PyObject *self, PyObject *args, int flags)
15281542
if (!PyArg_ParseTuple(args, "ssO:setvar",
15291543
&name1, &name2, &newValue))
15301544
return NULL;
1545+
CHECK_STRING_LENGTH(name1);
1546+
CHECK_STRING_LENGTH(name2);
15311547
/* XXX must hold tcl lock already??? */
15321548
newval = AsObj(newValue);
15331549
ENTER_TCL
@@ -1573,6 +1589,7 @@ GetVar(PyObject *self, PyObject *args, int flags)
15731589
varname_converter, &name1, &name2))
15741590
return NULL;
15751591

1592+
CHECK_STRING_LENGTH(name2);
15761593
ENTER_TCL
15771594
tres = Tcl_GetVar2Ex(Tkapp_Interp(self), name1, name2, flags);
15781595
ENTER_OVERLAP
@@ -1615,6 +1632,8 @@ UnsetVar(PyObject *self, PyObject *args, int flags)
16151632
if (!PyArg_ParseTuple(args, "s|s:unsetvar", &name1, &name2))
16161633
return NULL;
16171634

1635+
CHECK_STRING_LENGTH(name1);
1636+
CHECK_STRING_LENGTH(name2);
16181637
ENTER_TCL
16191638
code = Tcl_UnsetVar2(Tkapp_Interp(self), name1, name2, flags);
16201639
ENTER_OVERLAP
@@ -1660,6 +1679,7 @@ Tkapp_GetInt(PyObject *self, PyObject *args)
16601679
}
16611680
if (!PyArg_ParseTuple(args, "s:getint", &s))
16621681
return NULL;
1682+
CHECK_STRING_LENGTH(s);
16631683
if (Tcl_GetInt(Tkapp_Interp(self), s, &v) == TCL_ERROR)
16641684
return Tkinter_Error(self);
16651685
return Py_BuildValue("i", v);
@@ -1680,6 +1700,7 @@ Tkapp_GetDouble(PyObject *self, PyObject *args)
16801700
}
16811701
if (!PyArg_ParseTuple(args, "s:getdouble", &s))
16821702
return NULL;
1703+
CHECK_STRING_LENGTH(s);
16831704
if (Tcl_GetDouble(Tkapp_Interp(self), s, &v) == TCL_ERROR)
16841705
return Tkinter_Error(self);
16851706
return Py_BuildValue("d", v);
@@ -1700,6 +1721,7 @@ Tkapp_GetBoolean(PyObject *self, PyObject *args)
17001721
}
17011722
if (!PyArg_ParseTuple(args, "s:getboolean", &s))
17021723
return NULL;
1724+
CHECK_STRING_LENGTH(s);
17031725
if (Tcl_GetBoolean(Tkapp_Interp(self), s, &v) == TCL_ERROR)
17041726
return Tkinter_Error(self);
17051727
return PyBool_FromLong(v);
@@ -1715,6 +1737,7 @@ Tkapp_ExprString(PyObject *self, PyObject *args)
17151737
if (!PyArg_ParseTuple(args, "s:exprstring", &s))
17161738
return NULL;
17171739

1740+
CHECK_STRING_LENGTH(s);
17181741
CHECK_TCL_APPARTMENT;
17191742

17201743
ENTER_TCL
@@ -1739,6 +1762,7 @@ Tkapp_ExprLong(PyObject *self, PyObject *args)
17391762
if (!PyArg_ParseTuple(args, "s:exprlong", &s))
17401763
return NULL;
17411764

1765+
CHECK_STRING_LENGTH(s);
17421766
CHECK_TCL_APPARTMENT;
17431767

17441768
ENTER_TCL
@@ -1762,6 +1786,7 @@ Tkapp_ExprDouble(PyObject *self, PyObject *args)
17621786

17631787
if (!PyArg_ParseTuple(args, "s:exprdouble", &s))
17641788
return NULL;
1789+
CHECK_STRING_LENGTH(s);
17651790
CHECK_TCL_APPARTMENT;
17661791
PyFPE_START_PROTECT("Tkapp_ExprDouble", return 0)
17671792
ENTER_TCL
@@ -1786,6 +1811,7 @@ Tkapp_ExprBoolean(PyObject *self, PyObject *args)
17861811

17871812
if (!PyArg_ParseTuple(args, "s:exprboolean", &s))
17881813
return NULL;
1814+
CHECK_STRING_LENGTH(s);
17891815
CHECK_TCL_APPARTMENT;
17901816
ENTER_TCL
17911817
retval = Tcl_ExprBoolean(Tkapp_Interp(self), s, &v);
@@ -1838,6 +1864,7 @@ Tkapp_SplitList(PyObject *self, PyObject *args)
18381864
if (!PyArg_ParseTuple(args, "et:splitlist", "utf-8", &list))
18391865
return NULL;
18401866

1867+
CHECK_STRING_LENGTH(list);
18411868
if (Tcl_SplitList(Tkapp_Interp(self), list,
18421869
&argc, &argv) == TCL_ERROR) {
18431870
PyMem_Free(list);
@@ -1899,6 +1926,7 @@ Tkapp_Split(PyObject *self, PyObject *args)
18991926

19001927
if (!PyArg_ParseTuple(args, "et:split", "utf-8", &list))
19011928
return NULL;
1929+
CHECK_STRING_LENGTH(list);
19021930
v = Split(list);
19031931
PyMem_Free(list);
19041932
return v;
@@ -2030,6 +2058,7 @@ Tkapp_CreateCommand(PyObject *selfptr, PyObject *args)
20302058

20312059
if (!PyArg_ParseTuple(args, "sO:createcommand", &cmdName, &func))
20322060
return NULL;
2061+
CHECK_STRING_LENGTH(cmdName);
20332062
if (!PyCallable_Check(func)) {
20342063
PyErr_SetString(PyExc_TypeError, "command not callable");
20352064
return NULL;
@@ -2091,6 +2120,7 @@ Tkapp_DeleteCommand(PyObject *selfptr, PyObject *args)
20912120

20922121
if (!PyArg_ParseTuple(args, "s:deletecommand", &cmdName))
20932122
return NULL;
2123+
CHECK_STRING_LENGTH(cmdName);
20942124

20952125
#ifdef WITH_THREAD
20962126
if (self->threaded && self->thread_id != Tcl_GetCurrentThread()) {
@@ -2782,6 +2812,10 @@ Tkinter_Create(PyObject *self, PyObject *args)
27822812
&interactive, &wantobjects, &wantTk,
27832813
&sync, &use))
27842814
return NULL;
2815+
CHECK_STRING_LENGTH(screenName);
2816+
CHECK_STRING_LENGTH(baseName);
2817+
CHECK_STRING_LENGTH(className);
2818+
CHECK_STRING_LENGTH(use);
27852819

27862820
return (PyObject *) Tkapp_New(screenName, className,
27872821
interactive, wantobjects, wantTk,

0 commit comments

Comments
 (0)