summaryrefslogtreecommitdiffstats
path: root/Python
diff options
context:
space:
mode:
authorSerhiy Storchaka <storchaka@gmail.com>2019-10-21 08:35:07 (GMT)
committerGitHub <noreply@github.com>2019-10-21 08:35:07 (GMT)
commit5bc6a7c06eda20ba131ecba6752be0506d310181 (patch)
tree2421865d747ee7d068363cadb6de33a984c05ade /Python
parent2eba6ad7bf3a5beeed54209a0107be8e1ac77767 (diff)
downloadcpython-5bc6a7c06eda20ba131ecba6752be0506d310181.zip
cpython-5bc6a7c06eda20ba131ecba6752be0506d310181.tar.gz
cpython-5bc6a7c06eda20ba131ecba6752be0506d310181.tar.bz2
bpo-38540: Fix possible leak in PyArg_Parse for "es#" and "et#". (GH-16869)
Diffstat (limited to 'Python')
-rw-r--r--Python/getargs.c28
1 files changed, 26 insertions, 2 deletions
diff --git a/Python/getargs.c b/Python/getargs.c
index 0ca0862..351889f 100644
--- a/Python/getargs.c
+++ b/Python/getargs.c
@@ -1199,7 +1199,19 @@ convertsimple(PyObject *arg, const char **p_format, va_list *p_va, int flags,
trailing 0-byte
*/
- FETCH_SIZE;
+ int *q = NULL; Py_ssize_t *q2 = NULL;
+ if (flags & FLAG_SIZE_T) {
+ q2 = va_arg(*p_va, Py_ssize_t*);
+ }
+ else {
+ if (PyErr_WarnEx(PyExc_DeprecationWarning,
+ "PY_SSIZE_T_CLEAN will be required for '#' formats", 1))
+ {
+ Py_DECREF(s);
+ return NULL;
+ }
+ q = va_arg(*p_va, int*);
+ }
format++;
if (q == NULL && q2 == NULL) {
@@ -1232,7 +1244,19 @@ convertsimple(PyObject *arg, const char **p_format, va_list *p_va, int flags,
}
}
memcpy(*buffer, ptr, size+1);
- STORE_SIZE(size);
+
+ if (flags & FLAG_SIZE_T) {
+ *q2 = size;
+ }
+ else {
+ if (INT_MAX < size) {
+ Py_DECREF(s);
+ PyErr_SetString(PyExc_OverflowError,
+ "size does not fit in an int");
+ return converterr("", arg, msgbuf, bufsize);
+ }
+ *q = (int)size;
+ }
} else {
/* Using a 0-terminated buffer: