Description
fcntl() and ioctl() take an argument which, depending on the operation, can be a pointer to a buffer of unspecified length. Depending on the operation, they can also write into that buffer. A temporary buffer of size 1024 is used, so the chance of directly overflowing the bytes-like object provided by the user is small, but if its size is smaller than necessary, the user will get truncated data in the best case, and in the worst case it will cause C stack corruption.
We cannot prevent this unless we limit the set of supported operations to a small set of allowed operations. This is not practical, because fcntl() and ioctl() exist to support operations not explicitly supported by Python. But we can detect a buffer overflow and raise an exception. It may be too late if the stack or memory is already corrupted, but it is better than silently ignoring the error.