diff options
| author | Meador Inge <meadori@gmail.com> | 2011-10-04 02:34:04 (GMT) |
|---|---|---|
| committer | Meador Inge <meadori@gmail.com> | 2011-10-04 02:34:04 (GMT) |
| commit | ad349a190e923b32e7ef43ddafffde93df75051a (patch) | |
| tree | e4b1751719ea6cc935e1f56fd9f904db17b22f55 | |
| parent | 83cc512a01d33d5e6fcc3be2ce62a9a644dd3b50 (diff) | |
| download | cpython-ad349a190e923b32e7ef43ddafffde93df75051a.zip cpython-ad349a190e923b32e7ef43ddafffde93df75051a.tar.gz cpython-ad349a190e923b32e7ef43ddafffde93df75051a.tar.bz2 | |
Issue #12881: ctypes: Fix segfault with large structure field names.
| -rw-r--r-- | Lib/ctypes/test/test_structures.py | 12 | ||||
| -rw-r--r-- | Misc/NEWS | 2 | ||||
| -rw-r--r-- | Modules/_ctypes/stgdict.c | 8 |
3 files changed, 21 insertions, 1 deletions
diff --git a/Lib/ctypes/test/test_structures.py b/Lib/ctypes/test/test_structures.py index a84bae0..1bde101 100644 --- a/Lib/ctypes/test/test_structures.py +++ b/Lib/ctypes/test/test_structures.py @@ -332,6 +332,18 @@ class StructureTestCase(unittest.TestCase): else: self.assertEqual(msg, "(Phone) exceptions.TypeError: too many initializers") + def test_huge_field_name(self): + # issue12881: segfault with large structure field names + def create_class(length): + class S(Structure): + _fields_ = [('x' * length, c_int)] + + for length in [10 ** i for i in range(0, 8)]: + try: + create_class(length) + except MemoryError: + # MemoryErrors are OK, we just don't want to segfault + pass def get_except(self, func, *args): try: @@ -210,6 +210,8 @@ Library Extension Modules ----------------- +- Issue #12881: ctypes: Fix segfault with large structure field names. + - Issue #13013: ctypes: Fix a reference leak in PyCArrayType_from_ctype. Thanks to Suman Saha for finding the bug and providing a patch. diff --git a/Modules/_ctypes/stgdict.c b/Modules/_ctypes/stgdict.c index 4d4ecc4..773233f 100644 --- a/Modules/_ctypes/stgdict.c +++ b/Modules/_ctypes/stgdict.c @@ -508,13 +508,19 @@ PyCStructUnionType_update_stgdict(PyObject *type, PyObject *fields, int isStruct } len = strlen(fieldname) + strlen(fieldfmt); - buf = alloca(len + 2 + 1); + buf = PyMem_Malloc(len + 2 + 1); + if (buf == NULL) { + Py_DECREF(pair); + PyErr_NoMemory(); + return -1; + } sprintf(buf, "%s:%s:", fieldfmt, fieldname); ptr = stgdict->format; stgdict->format = _ctypes_alloc_format_string(stgdict->format, buf); PyMem_Free(ptr); + PyMem_Free(buf); if (stgdict->format == NULL) { Py_DECREF(pair); |