diff options
author | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2020-05-27 15:53:03 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-05-27 15:53:03 (GMT) |
commit | a285af7e626d1b81cf09f8b2bf7656f100bc1237 (patch) | |
tree | a3f5316f6bc5cf5a47fa0926dc5aad815780c22a | |
parent | 75635c6095bcfbb9fccc239115d3d03ae20a307f (diff) | |
download | cpython-a285af7e626d1b81cf09f8b2bf7656f100bc1237.zip cpython-a285af7e626d1b81cf09f8b2bf7656f100bc1237.tar.gz cpython-a285af7e626d1b81cf09f8b2bf7656f100bc1237.tar.bz2 |
bpo-13097: ctypes: limit callback to 1024 arguments (GH-19914)
ctypes now raises an ArgumentError when a callback
is invoked with more than 1024 arguments.
The ctypes module allocates arguments on the stack in
ctypes_callproc() using alloca(), which is problematic
when large numbers of arguments are passed. Instead
of a stack overflow, this commit raises an ArgumentError
if more than 1024 parameters are passed.
(cherry picked from commit 29a1384c040d39659e7d01f1fd7b6eb71ef2634e)
Co-authored-by: Sean Gillespie <sean@swgillespie.me>
-rw-r--r-- | Lib/ctypes/test/test_callbacks.py | 15 | ||||
-rw-r--r-- | Misc/NEWS.d/next/Library/2020-05-06-02-01-25.bpo-13097.Wh5xSK.rst | 1 | ||||
-rw-r--r-- | Modules/_ctypes/callproc.c | 15 |
3 files changed, 31 insertions, 0 deletions
diff --git a/Lib/ctypes/test/test_callbacks.py b/Lib/ctypes/test/test_callbacks.py index f622093..937a06d 100644 --- a/Lib/ctypes/test/test_callbacks.py +++ b/Lib/ctypes/test/test_callbacks.py @@ -287,6 +287,21 @@ class SampleCallbacksTestCase(unittest.TestCase): self.assertEqual(s.second, check.second) self.assertEqual(s.third, check.third) + def test_callback_too_many_args(self): + def func(*args): + return len(args) + + CTYPES_MAX_ARGCOUNT = 1024 + proto = CFUNCTYPE(c_int, *(c_int,) * CTYPES_MAX_ARGCOUNT) + cb = proto(func) + args1 = (1,) * CTYPES_MAX_ARGCOUNT + self.assertEqual(cb(*args1), CTYPES_MAX_ARGCOUNT) + + args2 = (1,) * (CTYPES_MAX_ARGCOUNT + 1) + with self.assertRaises(ArgumentError): + cb(*args2) + + ################################################################ if __name__ == '__main__': diff --git a/Misc/NEWS.d/next/Library/2020-05-06-02-01-25.bpo-13097.Wh5xSK.rst b/Misc/NEWS.d/next/Library/2020-05-06-02-01-25.bpo-13097.Wh5xSK.rst new file mode 100644 index 0000000..a7f5f58 --- /dev/null +++ b/Misc/NEWS.d/next/Library/2020-05-06-02-01-25.bpo-13097.Wh5xSK.rst @@ -0,0 +1 @@ +``ctypes`` now raises an ``ArgumentError`` when a callback is invoked with more than 1024 arguments.
\ No newline at end of file diff --git a/Modules/_ctypes/callproc.c b/Modules/_ctypes/callproc.c index 4027bdb..e0a110d 100644 --- a/Modules/_ctypes/callproc.c +++ b/Modules/_ctypes/callproc.c @@ -1074,6 +1074,14 @@ GetComError(HRESULT errcode, GUID *riid, IUnknown *pIunk) #endif /* + * bpo-13097: Max number of arguments _ctypes_callproc will accept. + * + * This limit is enforced for the `alloca()` call in `_ctypes_callproc`, + * to avoid allocating a massive buffer on the stack. + */ +#define CTYPES_MAX_ARGCOUNT 1024 + +/* * Requirements, must be ensured by the caller: * - argtuple is tuple of arguments * - argtypes is either NULL, or a tuple of the same size as argtuple @@ -1108,6 +1116,13 @@ PyObject *_ctypes_callproc(PPROC pProc, ++argcount; #endif + if (argcount > CTYPES_MAX_ARGCOUNT) + { + PyErr_Format(PyExc_ArgError, "too many arguments (%zi), maximum is %i", + argcount, CTYPES_MAX_ARGCOUNT); + return NULL; + } + args = (struct argument *)alloca(sizeof(struct argument) * argcount); if (!args) { PyErr_NoMemory(); |