New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bpo-35090: Fix potential division by zero and integer overflow in allocator wrappers #10174
Conversation
Reported by Svace static analyzer.
Thanks for the review, @ericvsmith. I've added a NEWS entry. |
Does |
@serhiy-storchaka I don't know -- it depends on the implementation of the bz2 library CPython is linked to. But since |
Since we have no evidence that I suppose that |
This reverts commit e324296.
@serhiy-storchaka OK, I removed it. |
There is yet one issue in |
@serhiy-storchaka Ah, I missed it, shame on me. Thanks! |
Modules/_bz2module.c
Outdated
return NULL; | ||
/* PyMem_Malloc() cannot be used: compress() and decompress() | ||
release the GIL */ | ||
return PyMem_RawMalloc(items * size); | ||
return PyMem_RawMalloc((Py_ssize_t)items * (Py_ssize_t)size); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hum no, RawMalloc expects size_t. You have to cast to size_t instead to avoid undefined behavior on integer overflow (which cannot occur, but well, i'm pedantic, sorry!).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've changed the types, but this change has nothing to do with undefined behavior -- as you say, it can't occur because we've explicitly ensured that it doesn't. This change is just for consistency with the code above which casts to size_t
and with the type expected by PyRaw_Malloc
.
I would prefer to have a single PR to fix the 3 memory allocators: https://bugs.python.org/issue35090#msg328693 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. @serhiy-storchaka: would you mind to double check the PR?
@vstinner, I've added fixes for other wrappers as you suggested. |
…onGH-10174) * Fix potential division by zero in BZ2_Malloc() * Avoid division by zero in PyLzma_Malloc() * Avoid division by zero and integer overflow in PyZlib_Malloc() Reported by Svace static analyzer. (cherry picked from commit 3d4fabb) Co-authored-by: Alexey Izbyshev <izbyshev@ispras.ru>
GH-10198 is a backport of this pull request to the 3.7 branch. |
…onGH-10174) * Fix potential division by zero in BZ2_Malloc() * Avoid division by zero in PyLzma_Malloc() * Avoid division by zero and integer overflow in PyZlib_Malloc() Reported by Svace static analyzer. (cherry picked from commit 3d4fabb) Co-authored-by: Alexey Izbyshev <izbyshev@ispras.ru>
GH-10199 is a backport of this pull request to the 3.6 branch. |
Reported by Svace static analyzer.
https://bugs.python.org/issue35090