summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSerhiy Storchaka <storchaka@gmail.com>2014-05-30 11:25:22 (GMT)
committerSerhiy Storchaka <storchaka@gmail.com>2014-05-30 11:25:22 (GMT)
commit1753d2255e14e1a768e4db63e5353191ad1e54e1 (patch)
tree88416765d2dd50268cf305a93c83eda4e9fe920a
parent88c56cbba5b7485aa2a0aac75a91b4c273253eca (diff)
parent79851d755bf4edacd3f423c5e2cca21d0c07c3b6 (diff)
downloadcpython-1753d2255e14e1a768e4db63e5353191ad1e54e1.zip
cpython-1753d2255e14e1a768e4db63e5353191ad1e54e1.tar.gz
cpython-1753d2255e14e1a768e4db63e5353191ad1e54e1.tar.bz2
Issue #21552: Fixed possible integer overflow of too long string lengths in
the tkinter module on 64-bit platforms.
-rw-r--r--Lib/test/test_tcl.py27
-rw-r--r--Misc/NEWS3
-rw-r--r--Modules/_tkinter.c36
3 files changed, 64 insertions, 2 deletions
diff --git a/Lib/test/test_tcl.py b/Lib/test/test_tcl.py
index cc9f6c2..db65566 100644
--- a/Lib/test/test_tcl.py
+++ b/Lib/test/test_tcl.py
@@ -565,10 +565,35 @@ class BigmemTclTest(unittest.TestCase):
@support.cpython_only
@unittest.skipUnless(INT_MAX < PY_SSIZE_T_MAX, "needs UINT_MAX < SIZE_MAX")
@support.bigmemtest(size=INT_MAX + 1, memuse=5, dry_run=False)
- def test_huge_string(self, size):
+ def test_huge_string_call(self, size):
value = ' ' * size
self.assertRaises(OverflowError, self.interp.call, 'set', '_', value)
+ @support.cpython_only
+ @unittest.skipUnless(INT_MAX < PY_SSIZE_T_MAX, "needs UINT_MAX < SIZE_MAX")
+ @support.bigmemtest(size=INT_MAX + 1, memuse=9, dry_run=False)
+ def test_huge_string_builtins(self, size):
+ value = '1' + ' ' * size
+ self.assertRaises(OverflowError, self.interp.getint, value)
+ self.assertRaises(OverflowError, self.interp.getdouble, value)
+ self.assertRaises(OverflowError, self.interp.getboolean, value)
+ self.assertRaises(OverflowError, self.interp.eval, value)
+ self.assertRaises(OverflowError, self.interp.evalfile, value)
+ self.assertRaises(OverflowError, self.interp.record, value)
+ self.assertRaises(OverflowError, self.interp.adderrorinfo, value)
+ self.assertRaises(OverflowError, self.interp.setvar, value, 'x', 'a')
+ self.assertRaises(OverflowError, self.interp.setvar, 'x', value, 'a')
+ self.assertRaises(OverflowError, self.interp.unsetvar, value)
+ self.assertRaises(OverflowError, self.interp.unsetvar, 'x', value)
+ self.assertRaises(OverflowError, self.interp.adderrorinfo, value)
+ self.assertRaises(OverflowError, self.interp.exprstring, value)
+ self.assertRaises(OverflowError, self.interp.exprlong, value)
+ self.assertRaises(OverflowError, self.interp.exprboolean, value)
+ self.assertRaises(OverflowError, self.interp.splitlist, value)
+ self.assertRaises(OverflowError, self.interp.split, value)
+ self.assertRaises(OverflowError, self.interp.createcommand, value, max)
+ self.assertRaises(OverflowError, self.interp.deletecommand, value)
+
def setUpModule():
if support.verbose:
diff --git a/Misc/NEWS b/Misc/NEWS
index 9047b2b..eacf319 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -89,6 +89,9 @@ Core and Builtins
Library
-------
+- Issue #21552: Fixed possible integer overflow of too long string lengths in
+ the tkinter module on 64-bit platforms.
+
- Issue #14315: The zipfile module now ignores extra fields in the central
directory that are too short to be parsed instead of letting a struct.unpack
error bubble up as this "bad data" appears in many real world zip files in
diff --git a/Modules/_tkinter.c b/Modules/_tkinter.c
index 0b8e555..394fc8d 100644
--- a/Modules/_tkinter.c
+++ b/Modules/_tkinter.c
@@ -881,6 +881,16 @@ static PyType_Spec PyTclObject_Type_spec = {
};
+#if PY_SIZE_MAX > INT_MAX
+#define CHECK_STRING_LENGTH(s) do { \
+ if (s != NULL && strlen(s) >= INT_MAX) { \
+ PyErr_SetString(PyExc_OverflowError, "string is too long"); \
+ return NULL; \
+ } } while(0)
+#else
+#define CHECK_STRING_LENGTH(s)
+#endif
+
static Tcl_Obj*
AsObj(PyObject *value)
{
@@ -1303,6 +1313,7 @@ Tkapp_Eval(PyObject *self, PyObject *args)
if (!PyArg_ParseTuple(args, "s:eval", &script))
return NULL;
+ CHECK_STRING_LENGTH(script);
CHECK_TCL_APPARTMENT;
ENTER_TCL
@@ -1326,6 +1337,7 @@ Tkapp_EvalFile(PyObject *self, PyObject *args)
if (!PyArg_ParseTuple(args, "s:evalfile", &fileName))
return NULL;
+ CHECK_STRING_LENGTH(fileName);
CHECK_TCL_APPARTMENT;
ENTER_TCL
@@ -1346,9 +1358,10 @@ Tkapp_Record(PyObject *self, PyObject *args)
PyObject *res = NULL;
int err;
- if (!PyArg_ParseTuple(args, "s", &script))
+ if (!PyArg_ParseTuple(args, "s:record", &script))
return NULL;
+ CHECK_STRING_LENGTH(script);
CHECK_TCL_APPARTMENT;
ENTER_TCL
@@ -1369,6 +1382,7 @@ Tkapp_AddErrorInfo(PyObject *self, PyObject *args)
if (!PyArg_ParseTuple(args, "s:adderrorinfo", &msg))
return NULL;
+ CHECK_STRING_LENGTH(msg);
CHECK_TCL_APPARTMENT;
ENTER_TCL
@@ -1552,6 +1566,8 @@ SetVar(PyObject *self, PyObject *args, int flags)
if (!PyArg_ParseTuple(args, "ssO:setvar",
&name1, &name2, &newValue))
return NULL;
+ CHECK_STRING_LENGTH(name1);
+ CHECK_STRING_LENGTH(name2);
/* XXX must hold tcl lock already??? */
newval = AsObj(newValue);
ENTER_TCL
@@ -1597,6 +1613,7 @@ GetVar(PyObject *self, PyObject *args, int flags)
varname_converter, &name1, &name2))
return NULL;
+ CHECK_STRING_LENGTH(name2);
ENTER_TCL
tres = Tcl_GetVar2Ex(Tkapp_Interp(self), name1, name2, flags);
ENTER_OVERLAP
@@ -1639,6 +1656,8 @@ UnsetVar(PyObject *self, PyObject *args, int flags)
if (!PyArg_ParseTuple(args, "s|s:unsetvar", &name1, &name2))
return NULL;
+ CHECK_STRING_LENGTH(name1);
+ CHECK_STRING_LENGTH(name2);
ENTER_TCL
code = Tcl_UnsetVar2(Tkapp_Interp(self), name1, name2, flags);
ENTER_OVERLAP
@@ -1684,6 +1703,7 @@ Tkapp_GetInt(PyObject *self, PyObject *args)
}
if (!PyArg_ParseTuple(args, "s:getint", &s))
return NULL;
+ CHECK_STRING_LENGTH(s);
if (Tcl_GetInt(Tkapp_Interp(self), s, &v) == TCL_ERROR)
return Tkinter_Error(self);
return Py_BuildValue("i", v);
@@ -1704,6 +1724,7 @@ Tkapp_GetDouble(PyObject *self, PyObject *args)
}
if (!PyArg_ParseTuple(args, "s:getdouble", &s))
return NULL;
+ CHECK_STRING_LENGTH(s);
if (Tcl_GetDouble(Tkapp_Interp(self), s, &v) == TCL_ERROR)
return Tkinter_Error(self);
return Py_BuildValue("d", v);
@@ -1724,6 +1745,7 @@ Tkapp_GetBoolean(PyObject *self, PyObject *args)
}
if (!PyArg_ParseTuple(args, "s:getboolean", &s))
return NULL;
+ CHECK_STRING_LENGTH(s);
if (Tcl_GetBoolean(Tkapp_Interp(self), s, &v) == TCL_ERROR)
return Tkinter_Error(self);
return PyBool_FromLong(v);
@@ -1739,6 +1761,7 @@ Tkapp_ExprString(PyObject *self, PyObject *args)
if (!PyArg_ParseTuple(args, "s:exprstring", &s))
return NULL;
+ CHECK_STRING_LENGTH(s);
CHECK_TCL_APPARTMENT;
ENTER_TCL
@@ -1763,6 +1786,7 @@ Tkapp_ExprLong(PyObject *self, PyObject *args)
if (!PyArg_ParseTuple(args, "s:exprlong", &s))
return NULL;
+ CHECK_STRING_LENGTH(s);
CHECK_TCL_APPARTMENT;
ENTER_TCL
@@ -1786,6 +1810,7 @@ Tkapp_ExprDouble(PyObject *self, PyObject *args)
if (!PyArg_ParseTuple(args, "s:exprdouble", &s))
return NULL;
+ CHECK_STRING_LENGTH(s);
CHECK_TCL_APPARTMENT;
PyFPE_START_PROTECT("Tkapp_ExprDouble", return 0)
ENTER_TCL
@@ -1810,6 +1835,7 @@ Tkapp_ExprBoolean(PyObject *self, PyObject *args)
if (!PyArg_ParseTuple(args, "s:exprboolean", &s))
return NULL;
+ CHECK_STRING_LENGTH(s);
CHECK_TCL_APPARTMENT;
ENTER_TCL
retval = Tcl_ExprBoolean(Tkapp_Interp(self), s, &v);
@@ -1865,6 +1891,7 @@ Tkapp_SplitList(PyObject *self, PyObject *args)
if (!PyArg_ParseTuple(args, "et:splitlist", "utf-8", &list))
return NULL;
+ CHECK_STRING_LENGTH(list);
if (Tcl_SplitList(Tkapp_Interp(self), list,
&argc, &argv) == TCL_ERROR) {
PyMem_Free(list);
@@ -1926,6 +1953,7 @@ Tkapp_Split(PyObject *self, PyObject *args)
if (!PyArg_ParseTuple(args, "et:split", "utf-8", &list))
return NULL;
+ CHECK_STRING_LENGTH(list);
v = Split(list);
PyMem_Free(list);
return v;
@@ -2057,6 +2085,7 @@ Tkapp_CreateCommand(PyObject *selfptr, PyObject *args)
if (!PyArg_ParseTuple(args, "sO:createcommand", &cmdName, &func))
return NULL;
+ CHECK_STRING_LENGTH(cmdName);
if (!PyCallable_Check(func)) {
PyErr_SetString(PyExc_TypeError, "command not callable");
return NULL;
@@ -2118,6 +2147,7 @@ Tkapp_DeleteCommand(PyObject *selfptr, PyObject *args)
if (!PyArg_ParseTuple(args, "s:deletecommand", &cmdName))
return NULL;
+ CHECK_STRING_LENGTH(cmdName);
#ifdef WITH_THREAD
if (self->threaded && self->thread_id != Tcl_GetCurrentThread()) {
@@ -2789,6 +2819,10 @@ Tkinter_Create(PyObject *self, PyObject *args)
&interactive, &wantobjects, &wantTk,
&sync, &use))
return NULL;
+ CHECK_STRING_LENGTH(screenName);
+ CHECK_STRING_LENGTH(baseName);
+ CHECK_STRING_LENGTH(className);
+ CHECK_STRING_LENGTH(use);
return (PyObject *) Tkapp_New(screenName, className,
interactive, wantobjects, wantTk,