Skip to content

Add overflow checks before calling memory allocators #127681

New issue
New issue
Open
Open
Add overflow checks before calling memory allocators#127681
Labels
extension-modulesC modules in the Modules dirinterpreter-core(Objects, Python, Grammar, and Parser dirs)staleStale PR or inactive for long period of time.type-bugAn unexpected behavior, bug, or error
@picnixz

Description

@picnixz
picnixz
opened on Dec 6, 2024

Bug report

Bug description:

From capi-workgroup/decisions#50 (comment) and capi-workgroup/decisions#50 (comment).

Some calls to the PyMem_* API uses an arithmetic operation on the size, which could make the requested length overflow. The checks in the corresponding functions would not be relevant since the inputs already overflowed.

See #127686 (comment) for the future of this issue.

CPython versions tested on:

CPython main branch

Operating systems tested on:

No response

Linked PRs

Activity

picnixz
added
type-bugAn unexpected behavior, bug, or error
on Dec 6, 2024
picnixz
self-assigned this
on Dec 6, 2024
picnixz
added
interpreter-core(Objects, Python, Grammar, and Parser dirs)
extension-modulesC modules in the Modules dir
on Dec 6, 2024
serhiy-storchaka

serhiy-storchaka commented on Dec 6, 2024

@serhiy-storchaka
serhiy-storchaka
on Dec 6, 2024
Member

In most cases there is such check (I myself added and reviewed miriads of checks). If it is forgotten in some case, it is a bug.

picnixz

picnixz commented on Dec 6, 2024

@picnixz
picnixz
on Dec 6, 2024 · edited by picnixz
MemberAuthor

I've found quite a lot of code that does not check them. There are some parts that do not need such checks because of some assumptions (e.g., when converting numbers to string, we likely won't have more digits than SIZE_MAX).

EDIT: I'll create a fresh branch without comments and with the minimal checks.

bedevere-app
mentioned this on Dec 6, 2024
picnixz
removed their assignment
on Feb 15, 2025
picnixz
added
staleStale PR or inactive for long period of time.
on Feb 15, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    extension-modulesC modules in the Modules dirinterpreter-core(Objects, Python, Grammar, and Parser dirs)staleStale PR or inactive for long period of time.type-bugAn unexpected behavior, bug, or error

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      Add overflow checks before calling memory allocators · Issue #127681 · python/cpython