Add overflow checks before calling memory allocators #127681
Labels
extension-modules
C modules in the Modules dir
interpreter-core
(Objects, Python, Grammar, and Parser dirs)
stale
Stale PR or inactive for long period of time.
type-bug
An unexpected behavior, bug, or error
Comments
|
In most cases there is such check (I myself added and reviewed miriads of checks). If it is forgotten in some case, it is a bug. |
|
I've found quite a lot of code that does not check them. There are some parts that do not need such checks because of some assumptions (e.g., when converting numbers to string, we likely won't have more digits than SIZE_MAX). EDIT: I'll create a fresh branch without comments and with the minimal checks. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Bug report
Bug description:
From capi-workgroup/decisions#50 (comment) and capi-workgroup/decisions#50 (comment).
Some calls to the
PyMem_*API uses an arithmetic operation on the size, which could make the requested length overflow. The checks in the corresponding functions would not be relevant since the inputs already overflowed.See #127686 (comment) for the future of this issue.
CPython versions tested on:
CPython main branch
Operating systems tested on:
No response
Linked PRs
The text was updated successfully, but these errors were encountered: