Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork32k
GH-93964: Harden overflow checks before _PyBytes_Resize in compile.c#94044
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
base:main
Are you sure you want to change the base?
Conversation
Python/compile.c Outdated
| Py_ssize_t b_len = PyBytes_GET_SIZE(*bytes); | ||
| if (unitsize * logical_length >= b_len - to_add * unitsize) { | ||
| // There's not enough room. Double it. | ||
| if (b_len > PY_SSIZE_T_MAX / 2) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
This has the same issue as the backport.
We want to be able to index all code object structures with anint, so you'll needINT_MAX instead ofPY_SSIZE_T_MAX and it should be an overflow error, not a memory error.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
To clarify, we wanta_bytecode to be able to haveINT_MAX code units, not justINT_MAX bytes, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
We probably want the smaller amount to avoid risk of overflow. So the length inbytes should be less thanINT_MAX.
Is the PR still relevant or some other PR superseded this one? For merge conflict resolution: touched functions were moved to |
Uh oh!
There was an error while loading.Please reload this page.
#93964
The issue was found in 3.10, so it will need to be manually backported there.