From b46b18dd36a1a40aace1efb85a4f088dd6ce6a27 Mon Sep 17 00:00:00 2001 From: johanliu Date: Sat, 20 May 2017 16:45:07 +0800 Subject: [PATCH 1/9] fix 30245 --- Modules/_struct.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Modules/_struct.c b/Modules/_struct.c index 8e1e21986caaf1..abc08bc9eb3693 100644 --- a/Modules/_struct.c +++ b/Modules/_struct.c @@ -1929,11 +1929,15 @@ s_pack_into(PyObject *self, PyObject **args, Py_ssize_t nargs, PyObject *kwnames /* Check boundaries */ if ((buffer.len - offset) < soself->s_size) { + + assert(offset >= 0); + assert(soself->s_size >= 0); + PyErr_Format(StructError, "pack_into requires a buffer of at least %zd bytes for " "packing %zd bytes at offset %zd " "(actual buffer size is %zd)", - soself->s_size + offset, + (size_t)soself->s_size + (size_t)offset, soself->s_size, offset, buffer.len); From f228dd772cff9f0b526474f860d180899b660984 Mon Sep 17 00:00:00 2001 From: johanliu Date: Sat, 20 May 2017 18:29:45 +0800 Subject: [PATCH 2/9] fix issue 30245 --- Lib/test/test_struct.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/Lib/test/test_struct.py b/Lib/test/test_struct.py index 02d50b2d1c374e..84426e0cd1fa58 100644 --- a/Lib/test/test_struct.py +++ b/Lib/test/test_struct.py @@ -444,6 +444,16 @@ def test_pack_into(self): self.assertRaises((TypeError, struct.error), struct.pack_into, b'', sb, None) + # Test overflows cause by large offset and value size (issue 30245) + regex = ( + r'pack_into requires a buffer of at least 9223372036854775811 ' + r'bytes for packing 4 bytes at offset 9223372036854775807 ' + r'\(actual buffer size is 10\)' + ) + + with self.assertRaisesRegex(struct.error, regex): + struct.pack_into('I', bytearray(10), sys.maxsize, 1) + def test_pack_into_fn(self): test_string = b'Reykjavik rocks, eow!' writable_buf = array.array('b', b' '*100) From 890b93eebb2ec7034914512dda40959f8348e7c7 Mon Sep 17 00:00:00 2001 From: johanliu Date: Sat, 20 May 2017 22:48:15 +0800 Subject: [PATCH 3/9] fix issue 30245 --- Lib/test/test_struct.py | 6 +++--- Modules/_struct.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Lib/test/test_struct.py b/Lib/test/test_struct.py index 84426e0cd1fa58..95ad29f4bfe60e 100644 --- a/Lib/test/test_struct.py +++ b/Lib/test/test_struct.py @@ -446,9 +446,9 @@ def test_pack_into(self): # Test overflows cause by large offset and value size (issue 30245) regex = ( - r'pack_into requires a buffer of at least 9223372036854775811 ' - r'bytes for packing 4 bytes at offset 9223372036854775807 ' - r'\(actual buffer size is 10\)' + "pack_into requires a buffer of at least " + str(sys.maxsize + 4) + + " bytes for packing 4 bytes at offset " + str(sys.maxsize) + + " (actual buffer size is 10)" ) with self.assertRaisesRegex(struct.error, regex): diff --git a/Modules/_struct.c b/Modules/_struct.c index abc08bc9eb3693..8194879339711b 100644 --- a/Modules/_struct.c +++ b/Modules/_struct.c @@ -1934,7 +1934,7 @@ s_pack_into(PyObject *self, PyObject **args, Py_ssize_t nargs, PyObject *kwnames assert(soself->s_size >= 0); PyErr_Format(StructError, - "pack_into requires a buffer of at least %zd bytes for " + "pack_into requires a buffer of at least %zu bytes for " "packing %zd bytes at offset %zd " "(actual buffer size is %zd)", (size_t)soself->s_size + (size_t)offset, From c876f9a66356b5b5c60fc63e80e87ddc35b4d0ec Mon Sep 17 00:00:00 2001 From: johanliu Date: Sat, 20 May 2017 23:11:01 +0800 Subject: [PATCH 4/9] fix 30245 --- Lib/test/test_struct.py | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/Lib/test/test_struct.py b/Lib/test/test_struct.py index 95ad29f4bfe60e..95b2006fa8bf47 100644 --- a/Lib/test/test_struct.py +++ b/Lib/test/test_struct.py @@ -444,16 +444,6 @@ def test_pack_into(self): self.assertRaises((TypeError, struct.error), struct.pack_into, b'', sb, None) - # Test overflows cause by large offset and value size (issue 30245) - regex = ( - "pack_into requires a buffer of at least " + str(sys.maxsize + 4) + - " bytes for packing 4 bytes at offset " + str(sys.maxsize) + - " (actual buffer size is 10)" - ) - - with self.assertRaisesRegex(struct.error, regex): - struct.pack_into('I', bytearray(10), sys.maxsize, 1) - def test_pack_into_fn(self): test_string = b'Reykjavik rocks, eow!' writable_buf = array.array('b', b' '*100) @@ -609,6 +599,17 @@ def test_boundary_error_message_with_negative_offset(self): 'offset -11 out of range for 10-byte buffer'): struct.pack_into(' Date: Sat, 20 May 2017 23:34:59 +0800 Subject: [PATCH 5/9] add name to ACKS --- Misc/ACKS | 1 + 1 file changed, 1 insertion(+) diff --git a/Misc/ACKS b/Misc/ACKS index 246a50be00763d..2c601fb456e24e 100644 --- a/Misc/ACKS +++ b/Misc/ACKS @@ -1746,3 +1746,4 @@ evilzero Dhushyanth Ramasamy Subhendu Ghosh Sanjay Sundaresan +Yuan Liu From 2c3a43e8181383108e2b0691f36743be1727e95f Mon Sep 17 00:00:00 2001 From: johanliu Date: Sun, 21 May 2017 00:12:07 +0800 Subject: [PATCH 6/9] fix issue30245 --- Misc/ACKS | 2 +- Misc/NEWS | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/Misc/ACKS b/Misc/ACKS index 2c601fb456e24e..6e9a9e26792bf6 100644 --- a/Misc/ACKS +++ b/Misc/ACKS @@ -918,6 +918,7 @@ Gregor Lingl Everett Lipman Mirko Liss Alexander Liu +Yuan Liu Nick Lockwood Stephanie Lockwood Martin von Löwis @@ -1746,4 +1747,3 @@ evilzero Dhushyanth Ramasamy Subhendu Ghosh Sanjay Sundaresan -Yuan Liu diff --git a/Misc/NEWS b/Misc/NEWS index c6aed7f48c8dcb..b3cdd29f8c71d0 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -327,6 +327,9 @@ Extension Modules Library ------- +- bpo-30245: Fix possible overflow when organize struct.pack_into + error message. Patch by Yuan Liu. + - bpo-30149: inspect.signature() now supports callables with variable-argument parameters wrapped with partialmethod. Patch by Dong-hee Na. From 3e1d50f25839a248423ee5f6a633f4b5d474d85c Mon Sep 17 00:00:00 2001 From: johanliu Date: Sun, 21 May 2017 00:14:40 +0800 Subject: [PATCH 7/9] fix --- Modules/_struct.c | 1 - 1 file changed, 1 deletion(-) diff --git a/Modules/_struct.c b/Modules/_struct.c index 8194879339711b..5b74ec5b4923b3 100644 --- a/Modules/_struct.c +++ b/Modules/_struct.c @@ -1929,7 +1929,6 @@ s_pack_into(PyObject *self, PyObject **args, Py_ssize_t nargs, PyObject *kwnames /* Check boundaries */ if ((buffer.len - offset) < soself->s_size) { - assert(offset >= 0); assert(soself->s_size >= 0); From c4a9927c6855b9bf3581d76c1edae091fbae342f Mon Sep 17 00:00:00 2001 From: johanliu Date: Sun, 21 May 2017 00:15:41 +0800 Subject: [PATCH 8/9] fix --- Lib/test/test_struct.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/Lib/test/test_struct.py b/Lib/test/test_struct.py index 95b2006fa8bf47..b2a5f429e0b94b 100644 --- a/Lib/test/test_struct.py +++ b/Lib/test/test_struct.py @@ -602,11 +602,10 @@ def test_boundary_error_message_with_negative_offset(self): def test_boundary_error_message_with_large_offset(self): # Test overflows cause by large offset and value size (issue 30245) regex = ( - "pack_into requires a buffer of at least " + str(sys.maxsize + 4) + - " bytes for packing 4 bytes at offset " + str(sys.maxsize) + - " \(actual buffer size is 10\)" + r'pack_into requires a buffer of at least ' + str(sys.maxsize + 4) + + r' bytes for packing 4 bytes at offset ' + str(sys.maxsize) + + r' \(actual buffer size is 10\)' ) - with self.assertRaisesRegex(struct.error, regex): struct.pack_into(' Date: Sun, 21 May 2017 00:25:43 +0800 Subject: [PATCH 9/9] add space in Misc/NEWS --- Misc/NEWS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Misc/NEWS b/Misc/NEWS index b3cdd29f8c71d0..6b6d7daa94cdd0 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -328,7 +328,7 @@ Library ------- - bpo-30245: Fix possible overflow when organize struct.pack_into - error message. Patch by Yuan Liu. + error message. Patch by Yuan Liu. - bpo-30149: inspect.signature() now supports callables with variable-argument parameters wrapped with partialmethod.