Skip to content

MNT: protect from out-of-bounds data access at the c level #14478

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Jul 5, 2019
Merged

MNT: protect from out-of-bounds data access at the c level #14478

merged 5 commits into from
Jul 5, 2019

Conversation

tacaswell
Copy link
Member

As suggested by @cgohlke

PR Summary

PR Checklist

  • Has Pytest style unit tests
  • Code is Flake 8 compliant
  • New features are documented, with examples if plot related
  • Documentation is sphinx and numpydoc compliant
  • Added an entry to doc/users/next_whats_new/ if major new feature (follow instructions in README.rst there)
  • Documented in doc/api/api_changes.rst if API changed in a backward-incompatible way

@tacaswell tacaswell added this to the v3.2.0 milestone Jun 7, 2019
anntzer
anntzer reviewed Jun 7, 2019
View reviewed changes
lib/matplotlib/tests/test_backend_tk.py Outdated
(0, 2, 1, 6),
):
with pytest.raises(ValueError):
print(bad_boxes)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove the print?

anntzer
anntzer reviewed Jun 7, 2019
View reviewed changes
src/_tkagg.cpp Outdated
@@ -67,6 +67,12 @@ static PyObject *mpl_tk_blit(PyObject *self, PyObject *args)
PyErr_SetString(PyExc_ValueError, "Failed to extract Tk_PhotoHandle");
goto exit;
}
if (0 > y1 || y1 > y2 || y2 > height ||
0 > x1 || x1 > x2 || x2 > width ) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

extra space after width?

@tacaswell
Copy link
Member Author

I still can write code I swear...

@tacaswell
Copy link
Member Author

Can probably re-use the skip_on_importfailure flag to further simplify the Qt tests?

@anntzer
Copy link
Contributor

anntzer commented Jun 10, 2019

quite possibly, indeed, looks like a good idea.

timhoffm
timhoffm approved these changes Jun 16, 2019
View reviewed changes
Copy link
Member

@timhoffm timhoffm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor comment, but would also be ok without.

src/_tkagg.cpp
@@ -67,6 +67,11 @@ static PyObject *mpl_tk_blit(PyObject *self, PyObject *args)
PyErr_SetString(PyExc_ValueError, "Failed to extract Tk_PhotoHandle");
goto exit;
}
if (0 > y1 || y1 > y2 || y2 > height || 0 > x1 || x1 > x2 || x2 > width) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if (0 > y1 || y1 > y2 || y2 > height || 0 > x1 || x1 > x2 || x2 > width) {
if (y1 < 0 || y1 > y2 || y2 > height || x1 < 0 || x1 > x2 || x2 > width) {

I find it easier this way "y1 is smaller than 0 or larger than y2". 0 > y1 sort of ties a knot in my brain. 😄

Copy link
Member Author

@tacaswell tacaswell Jul 5, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is fair, but having all of the > go the same way is also helpful..

Moot now that @efiring merged it..

@efiring efiring merged commit 0654800 into matplotlib:master Jul 5, 2019
@tacaswell tacaswell deleted the mnt_c_tkblit_bounds branch July 5, 2019 22:38
@richardsheridan richardsheridan mentioned this pull request Aug 24, 2021
Merged
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@anntzer anntzer anntzer left review comments

@timhoffm timhoffm timhoffm approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v3.2.0
Development

Successfully merging this pull request may close these issues.
4 participants
@tacaswell @anntzer @timhoffm @efiring