From: Victor Stinner <victor.stinner@haypocalc.com>
Date: Tue, 4 Jan 2011 02:07:34 +0000 (+0000)
Subject: Issue #8651: PyArg_Parse*() functions raise an OverflowError if the file
X-Git-Tag: v3.2rc1~204
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b3c9e073fc7b93529ceb0af520d148385e6f63f7;p=python

Issue #8651: PyArg_Parse*() functions raise an OverflowError if the file
doesn't have PY_SSIZE_T_CLEAN define and the size doesn't fit in an int
(length bigger than 2^31-1).
---

diff --git a/Lib/test/test_xml_etree_c.py b/Lib/test/test_xml_etree_c.py
index 5c0bf6cac8..db69e5f2c5 100644
--- a/Lib/test/test_xml_etree_c.py
+++ b/Lib/test/test_xml_etree_c.py
@@ -1,6 +1,8 @@
 # xml.etree test for cElementTree
 
 from test import support
+from test.support import precisionbigmemtest, _2G
+import unittest
 
 cET = support.import_module('xml.etree.cElementTree')
 
@@ -31,12 +33,28 @@ def sanity():
     """
 
 
+class MiscTests(unittest.TestCase):
+    # Issue #8651.
+    @support.precisionbigmemtest(size=support._2G + 100, memuse=1)
+    def test_length_overflow(self, size):
+        if size < support._2G + 100:
+            self.skipTest("not enough free memory, need at least 2 GB")
+        data = b'x' * size
+        parser = cET.XMLParser()
+        try:
+            self.assertRaises(OverflowError, parser.feed, data)
+        finally:
+            data = None
+
+
 def test_main():
     from test import test_xml_etree, test_xml_etree_c
 
     # Run the tests specific to the C implementation
     support.run_doctest(test_xml_etree_c, verbosity=True)
 
+    support.run_unittest(MiscTests)
+
     # Assign the C implementation before running the doctests
     # Patch the __name__, to prevent confusion with the pure Python test
     pyET = test_xml_etree.ET
diff --git a/Misc/NEWS b/Misc/NEWS
index 1540db7ab8..d7610b3db7 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -8,6 +8,10 @@ What's New in Python 3.2 Release Candidate 1
 Core and Builtins
 -----------------
 
+- Issue #8651: PyArg_Parse*() functions raise an OverflowError if the file
+  doesn't have PY_SSIZE_T_CLEAN define and the size doesn't fit in an int
+  (length bigger than 2^31-1 bytes).
+
 - Issue #9015, #9611: FileIO.readinto(), FileIO.write() and os.write() clamp
   the length to 2^31-1 on Windows.
 
diff --git a/Python/getargs.c b/Python/getargs.c
index cf9869965c..aac1d177a7 100644
--- a/Python/getargs.c
+++ b/Python/getargs.c
@@ -597,7 +597,17 @@ convertsimple(PyObject *arg, const char **p_format, va_list *p_va, int flags,
 #define FETCH_SIZE      int *q=NULL;Py_ssize_t *q2=NULL;\
     if (flags & FLAG_SIZE_T) q2=va_arg(*p_va, Py_ssize_t*); \
     else q=va_arg(*p_va, int*);
-#define STORE_SIZE(s)   if (flags & FLAG_SIZE_T) *q2=s; else *q=s;
+#define STORE_SIZE(s)   \
+    if (flags & FLAG_SIZE_T) \
+        *q2=s; \
+    else { \
+        if (INT_MAX < s) { \
+            PyErr_SetString(PyExc_OverflowError, \
+                "size does not fit in an int"); \
+            return converterr("", arg, msgbuf, bufsize); \
+        } \
+        *q=s; \
+    }
 #define BUFFER_LEN      ((flags & FLAG_SIZE_T) ? *q2:*q)
 
     const char *format = *p_format;