Skip to content

[3.12] gh-131181: Add some non-NULL assertion checks in Modules/_ctypes/_ctypes.c #131188

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 13, 2025
Merged

[3.12] gh-131181: Add some non-NULL assertion checks in Modules/_ctypes/_ctypes.c #131188

merged 1 commit into from
Mar 13, 2025

Conversation

dyupina
Copy link

@dyupina dyupina commented Mar 13, 2025
edited by bedevere-app bot
Loading

In the PyCData_NewGetBuffer() (file Modules/_ctypes/_ctypes.c), the PyObject_stgdict() is called, which may return NULL.
Its result is assigned to dict, then dict is dereferenced (view->format = dict->format ? dict->format : "B";).
If dict is NULL, a null pointer dereference will occur, so a check for NULL need to be added.

Similarly, in the PyCData_reduce() (file Modules/_ctypes/_ctypes.c) PyObject_stgdict(myself) may return NULL, so need to check result to prevent null pointer dereferencing.

Commit dcaf33a (Author: @encukou) fixes this problems, but it is very large and probably difficult to backport, so I suggest adding assert(); before the dereference.

This needs to be added to branches 3.1 - 3.12.
Found by Linux Verification Center (linuxtesting.org) with SVACE.

@ghost
Copy link

ghost commented Mar 13, 2025
edited by ghost
Loading

All commit authors signed the Contributor License Agreement.
CLA signed

@bedevere-app
Copy link

bedevere-app bot commented Mar 13, 2025

Most changes to Python require a NEWS entry. Add one using the blurb_it web app or the blurb command-line tool.

If this change has little impact on Python users, wait for a maintainer to apply the skip news label instead.

@bedevere-app bedevere-app bot mentioned this pull request Mar 13, 2025
Closed
@picnixz picnixz changed the title gh-131181: Fix possible NULL pointer dereference in Modules/_ctypes/_ctypes.c [3.12] gh-131181: Fix possible NULL pointer dereference in Modules/_ctypes/_ctypes.c Mar 13, 2025
@picnixz
Copy link
Member

picnixz commented Mar 13, 2025
edited
Loading

This needs to be added to branches 3.1 - 3.12.

Only 3.12 will get an update as other branches only accept security fixes (and 3.8 and older are EOL so they are not updated) (and since it only occurs on 3.12 and not on 3.13+)

@encukou encukou enabled auto-merge (squash) March 13, 2025 14:57
@picnixz picnixz changed the title [3.12] gh-131181: Fix possible NULL pointer dereference in Modules/_ctypes/_ctypes.c [3.12] gh-131181: Add some non-NULL assertion checks in Modules/_ctypes/_ctypes.c Mar 13, 2025
@encukou encukou merged commit ba36389 into python:3.12 Mar 13, 2025
29 checks passed
mikec9 pushed a commit to mikec9/cpython that referenced this pull request Mar 14, 2025
@dyupina
[3.12] pythongh-131181: Assert that PyObject_stgdict isn't NULL for P…
08e960b 
…yCData (python#131188)

PyCData types have stgdict, so `PyObject_stgdict` can not return NULL.
Add an assert to make this clear.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

skip news

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dyupina @picnixz @encukou