summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>2020-05-27 15:53:03 (GMT)
committerGitHub <noreply@github.com>2020-05-27 15:53:03 (GMT)
commita285af7e626d1b81cf09f8b2bf7656f100bc1237 (patch)
treea3f5316f6bc5cf5a47fa0926dc5aad815780c22a
parent75635c6095bcfbb9fccc239115d3d03ae20a307f (diff)
downloadcpython-a285af7e626d1b81cf09f8b2bf7656f100bc1237.zip
cpython-a285af7e626d1b81cf09f8b2bf7656f100bc1237.tar.gz
cpython-a285af7e626d1b81cf09f8b2bf7656f100bc1237.tar.bz2
bpo-13097: ctypes: limit callback to 1024 arguments (GH-19914)
ctypes now raises an ArgumentError when a callback is invoked with more than 1024 arguments. The ctypes module allocates arguments on the stack in ctypes_callproc() using alloca(), which is problematic when large numbers of arguments are passed. Instead of a stack overflow, this commit raises an ArgumentError if more than 1024 parameters are passed. (cherry picked from commit 29a1384c040d39659e7d01f1fd7b6eb71ef2634e) Co-authored-by: Sean Gillespie <sean@swgillespie.me>
-rw-r--r--Lib/ctypes/test/test_callbacks.py15
-rw-r--r--Misc/NEWS.d/next/Library/2020-05-06-02-01-25.bpo-13097.Wh5xSK.rst1
-rw-r--r--Modules/_ctypes/callproc.c15
3 files changed, 31 insertions, 0 deletions
diff --git a/Lib/ctypes/test/test_callbacks.py b/Lib/ctypes/test/test_callbacks.py
index f622093..937a06d 100644
--- a/Lib/ctypes/test/test_callbacks.py
+++ b/Lib/ctypes/test/test_callbacks.py
@@ -287,6 +287,21 @@ class SampleCallbacksTestCase(unittest.TestCase):
self.assertEqual(s.second, check.second)
self.assertEqual(s.third, check.third)
+ def test_callback_too_many_args(self):
+ def func(*args):
+ return len(args)
+
+ CTYPES_MAX_ARGCOUNT = 1024
+ proto = CFUNCTYPE(c_int, *(c_int,) * CTYPES_MAX_ARGCOUNT)
+ cb = proto(func)
+ args1 = (1,) * CTYPES_MAX_ARGCOUNT
+ self.assertEqual(cb(*args1), CTYPES_MAX_ARGCOUNT)
+
+ args2 = (1,) * (CTYPES_MAX_ARGCOUNT + 1)
+ with self.assertRaises(ArgumentError):
+ cb(*args2)
+
+
################################################################
if __name__ == '__main__':
diff --git a/Misc/NEWS.d/next/Library/2020-05-06-02-01-25.bpo-13097.Wh5xSK.rst b/Misc/NEWS.d/next/Library/2020-05-06-02-01-25.bpo-13097.Wh5xSK.rst
new file mode 100644
index 0000000..a7f5f58
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2020-05-06-02-01-25.bpo-13097.Wh5xSK.rst
@@ -0,0 +1 @@
+``ctypes`` now raises an ``ArgumentError`` when a callback is invoked with more than 1024 arguments. \ No newline at end of file
diff --git a/Modules/_ctypes/callproc.c b/Modules/_ctypes/callproc.c
index 4027bdb..e0a110d 100644
--- a/Modules/_ctypes/callproc.c
+++ b/Modules/_ctypes/callproc.c
@@ -1074,6 +1074,14 @@ GetComError(HRESULT errcode, GUID *riid, IUnknown *pIunk)
#endif
/*
+ * bpo-13097: Max number of arguments _ctypes_callproc will accept.
+ *
+ * This limit is enforced for the `alloca()` call in `_ctypes_callproc`,
+ * to avoid allocating a massive buffer on the stack.
+ */
+#define CTYPES_MAX_ARGCOUNT 1024
+
+/*
* Requirements, must be ensured by the caller:
* - argtuple is tuple of arguments
* - argtypes is either NULL, or a tuple of the same size as argtuple
@@ -1108,6 +1116,13 @@ PyObject *_ctypes_callproc(PPROC pProc,
++argcount;
#endif
+ if (argcount > CTYPES_MAX_ARGCOUNT)
+ {
+ PyErr_Format(PyExc_ArgError, "too many arguments (%zi), maximum is %i",
+ argcount, CTYPES_MAX_ARGCOUNT);
+ return NULL;
+ }
+
args = (struct argument *)alloca(sizeof(struct argument) * argcount);
if (!args) {
PyErr_NoMemory();