https://github.com/python/cpython/commit/84f07c3a4cbcfe488ccfb4030571be0bc4de7e45 commit: 84f07c3a4cbcfe488ccfb4030571be0bc4de7e45 branch: main author: Victor Stinner <[email protected]> committer: vstinner <[email protected]> date: 2024-11-19T09:13:20+01:00 summary:
gh-126594: Fix typeobject.c wrap_buffer() cast (#126754) Reject flags smaller than INT_MIN. Co-authored-by: Jelle Zijlstra <[email protected]> files: M Lib/test/test_buffer.py M Objects/typeobject.c diff --git a/Lib/test/test_buffer.py b/Lib/test/test_buffer.py index cb38a69e390f3a..332e49ce9f1b17 100644 --- a/Lib/test/test_buffer.py +++ b/Lib/test/test_buffer.py @@ -4446,6 +4446,21 @@ def test_pybuffer_size_from_format(self): self.assertEqual(_testcapi.PyBuffer_SizeFromFormat(format), struct.calcsize(format)) + @support.cpython_only + def test_flags_overflow(self): + # gh-126594: Check for integer overlow on large flags + try: + from _testcapi import INT_MIN, INT_MAX + except ImportError: + INT_MIN = -(2 ** 31) + INT_MAX = 2 ** 31 - 1 + + obj = b'abc' + for flags in (INT_MIN - 1, INT_MAX + 1): + with self.subTest(flags=flags): + with self.assertRaises(OverflowError): + obj.__buffer__(flags) + class TestPythonBufferProtocol(unittest.TestCase): def test_basic(self): diff --git a/Objects/typeobject.c b/Objects/typeobject.c index a6cf3da542b691..840d004d3d98c7 100644 --- a/Objects/typeobject.c +++ b/Objects/typeobject.c @@ -9314,13 +9314,13 @@ wrap_buffer(PyObject *self, PyObject *args, void *wrapped) if (flags == -1 && PyErr_Occurred()) { return NULL; } - if (flags > INT_MAX) { + if (flags > INT_MAX || flags < INT_MIN) { PyErr_SetString(PyExc_OverflowError, - "buffer flags too large"); + "buffer flags out of range"); return NULL; } - return _PyMemoryView_FromBufferProc(self, Py_SAFE_DOWNCAST(flags, Py_ssize_t, int), + return _PyMemoryView_FromBufferProc(self, (int)flags, (getbufferproc)wrapped); } _______________________________________________ Python-checkins mailing list -- [email protected] To unsubscribe send an email to [email protected] https://mail.python.org/mailman3/lists/python-checkins.python.org/ Member address: [email protected]
