[Python-checkins] [3.9] bpo-43499: Restrict co_code to be under INT_MAX in codeobject (GH-20628) (GH-24896)
serhiy-storchaka
webhook-mailer at python.org
Wed Mar 17 14:26:47 EDT 2021
https://github.com/python/cpython/commit/db733761060be92915b5f5cba209dcaada88f94e
commit: db733761060be92915b5f5cba209dcaada88f94e
branch: 3.9
author: Ammar Askar <ammar at ammaraskar.com>
committer: serhiy-storchaka <storchaka at gmail.com>
date: 2021-03-17T20:26:38+02:00
summary:
[3.9] bpo-43499: Restrict co_code to be under INT_MAX in codeobject (GH-20628) (GH-24896)
(cherry picked from commit 3b3b83c965447a8329b34cb4befe6e9908880ee5)
files:
M Objects/codeobject.c
M Objects/frameobject.c
diff --git a/Objects/codeobject.c b/Objects/codeobject.c
index 737635943aced..cb4fb68124333 100644
--- a/Objects/codeobject.c
+++ b/Objects/codeobject.c
@@ -166,6 +166,14 @@ PyCode_NewWithPosOnlyArgs(int argcount, int posonlyargcount, int kwonlyargcount,
return NULL;
}
+ /* Make sure that code is indexable with an int, this is
+ a long running assumption in ceval.c and many parts of
+ the interpreter. */
+ if (PyBytes_GET_SIZE(code) > INT_MAX) {
+ PyErr_SetString(PyExc_OverflowError, "co_code larger than INT_MAX");
+ return NULL;
+ }
+
/* Check for any inner or outer closure references */
n_cellvars = PyTuple_GET_SIZE(cellvars);
if (!n_cellvars && !PyTuple_GET_SIZE(freevars)) {
diff --git a/Objects/frameobject.c b/Objects/frameobject.c
index a2fc0a423747f..b511e4c832c77 100644
--- a/Objects/frameobject.c
+++ b/Objects/frameobject.c
@@ -397,7 +397,9 @@ frame_setlineno(PyFrameObject *f, PyObject* p_new_lineno, void *Py_UNUSED(ignore
return -1;
}
- int len = PyBytes_GET_SIZE(f->f_code->co_code)/sizeof(_Py_CODEUNIT);
+ /* PyCode_NewWithPosOnlyArgs limits co_code to be under INT_MAX so this
+ * should never overflow. */
+ int len = (int)(PyBytes_GET_SIZE(f->f_code->co_code) / sizeof(_Py_CODEUNIT));
int *lines = marklines(f->f_code, len);
if (lines == NULL) {
return -1;
More information about the Python-checkins
mailing list