[Python-checkins] bpo-36504: Fix signed integer overflow in _ctypes.c's PyCArrayType_new(). (GH-12660) (GH-12678)
Serhiy Storchaka
webhook-mailer at python.org
Wed Apr 3 15:00:13 EDT 2019
https://github.com/python/cpython/commit/fd83a823a6f268dc97ee2bf7d8a1a88d948446e5
commit: fd83a823a6f268dc97ee2bf7d8a1a88d948446e5
branch: 2.7
author: Zackery Spytz <zspytz at gmail.com>
committer: Serhiy Storchaka <storchaka at gmail.com>
date: 2019-04-03T21:59:51+03:00
summary:
bpo-36504: Fix signed integer overflow in _ctypes.c's PyCArrayType_new(). (GH-12660) (GH-12678)
(cherry picked from commit 487b73ab39c80157474821ef9083f51e0846bd62)
files:
A Misc/NEWS.d/next/Core and Builtins/2019-04-02-04-10-32.bpo-36504.k_V8Bm.rst
M Lib/ctypes/test/test_arrays.py
M Modules/_ctypes/_ctypes.c
diff --git a/Lib/ctypes/test/test_arrays.py b/Lib/ctypes/test/test_arrays.py
index 53859a3e5e93..29fd422a68cc 100644
--- a/Lib/ctypes/test/test_arrays.py
+++ b/Lib/ctypes/test/test_arrays.py
@@ -134,6 +134,12 @@ class my_int(c_int):
t2 = my_int * 1
self.assertIs(t1, t2)
+ def test_bpo36504_signed_int_overflow(self):
+ # The overflow check in PyCArrayType_new() could cause signed integer
+ # overflow.
+ with self.assertRaises(OverflowError):
+ c_char * sys.maxsize * 2
+
@unittest.skipUnless(sys.maxsize > 2**32, 'requires 64bit platform')
@precisionbigmemtest(size=_2G, memuse=1, dry_run=False)
def test_large_array(self, size):
diff --git a/Misc/NEWS.d/next/Core and Builtins/2019-04-02-04-10-32.bpo-36504.k_V8Bm.rst b/Misc/NEWS.d/next/Core and Builtins/2019-04-02-04-10-32.bpo-36504.k_V8Bm.rst
new file mode 100644
index 000000000000..8ac209d4a789
--- /dev/null
+++ b/Misc/NEWS.d/next/Core and Builtins/2019-04-02-04-10-32.bpo-36504.k_V8Bm.rst
@@ -0,0 +1 @@
+Fix signed integer overflow in _ctypes.c's ``PyCArrayType_new()``.
diff --git a/Modules/_ctypes/_ctypes.c b/Modules/_ctypes/_ctypes.c
index 33e224386fb1..d608100243d8 100644
--- a/Modules/_ctypes/_ctypes.c
+++ b/Modules/_ctypes/_ctypes.c
@@ -1534,7 +1534,7 @@ PyCArrayType_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
}
itemsize = itemdict->size;
- if (length * itemsize < 0) {
+ if (length > PY_SSIZE_T_MAX / itemsize) {
PyErr_SetString(PyExc_OverflowError,
"array too large");
Py_DECREF(stgdict);
More information about the Python-checkins
mailing list