From 7323c4dd075c64ba54e417853f08cec42bc43e59 Mon Sep 17 00:00:00 2001 From: Serhiy Storchaka Date: Thu, 21 Mar 2024 11:43:42 +0200 Subject: [PATCH] [3.11] gh-117021: Fix integer overflow in PyLong_AsPid() on non-Windows 64-bit platforms (GH-117064) (GH-117070) (GH-117075) (cherry picked from commit da2f9d1417a7d28df6e1ced87d64ecf28acb0a5f) Co-authored-by: Serhiy Storchaka (cherry picked from commit 519b2ae22b54760475bbf62b9558d453c703f9c6) --- Include/Python.h | 8 ++++---- Include/longobject.h | 19 ++++++++++++++++++- ...-03-20-13-13-22.gh-issue-117021.0Q5jBx.rst | 2 ++ Modules/_testcapimodule.c | 1 + 4 files changed, 25 insertions(+), 5 deletions(-) create mode 100644 Misc/NEWS.d/next/C API/2024-03-20-13-13-22.gh-issue-117021.0Q5jBx.rst diff --git a/Include/Python.h b/Include/Python.h index 52a7aac6ba6..6ee3b0a2f9d 100644 --- a/Include/Python.h +++ b/Include/Python.h @@ -49,6 +49,10 @@ #include "bytearrayobject.h" #include "bytesobject.h" #include "unicodeobject.h" +#include "cpython/code.h" +#include "cpython/initconfig.h" +#include "pystate.h" +#include "pyerrors.h" #include "longobject.h" #include "cpython/longintrepr.h" #include "boolobject.h" @@ -68,14 +72,11 @@ #include "cpython/classobject.h" #include "fileobject.h" #include "pycapsule.h" -#include "cpython/code.h" #include "pyframe.h" #include "traceback.h" #include "sliceobject.h" #include "cpython/cellobject.h" #include "iterobject.h" -#include "cpython/initconfig.h" -#include "pystate.h" #include "cpython/genobject.h" #include "descrobject.h" #include "genericaliasobject.h" @@ -85,7 +86,6 @@ #include "cpython/picklebufobject.h" #include "cpython/pytime.h" #include "codecs.h" -#include "pyerrors.h" #include "pythread.h" #include "cpython/context.h" #include "modsupport.h" diff --git a/Include/longobject.h b/Include/longobject.h index 81ba1239a69..778cb627190 100644 --- a/Include/longobject.h +++ b/Include/longobject.h @@ -34,7 +34,24 @@ PyAPI_FUNC(PyObject *) PyLong_GetInfo(void); #if !defined(SIZEOF_PID_T) || SIZEOF_PID_T == SIZEOF_INT #define _Py_PARSE_PID "i" #define PyLong_FromPid PyLong_FromLong -#define PyLong_AsPid PyLong_AsLong +# ifndef Py_LIMITED_API +# define PyLong_AsPid _PyLong_AsInt +# elif SIZEOF_INT == SIZEOF_LONG +# define PyLong_AsPid PyLong_AsLong +# else +static inline int +PyLong_AsPid(PyObject *obj) +{ + int overflow; + long result = PyLong_AsLongAndOverflow(obj, &overflow); + if (overflow || result > INT_MAX || result < INT_MIN) { + PyErr_SetString(PyExc_OverflowError, + "Python int too large to convert to C int"); + return -1; + } + return (int)result; +} +# endif #elif SIZEOF_PID_T == SIZEOF_LONG #define _Py_PARSE_PID "l" #define PyLong_FromPid PyLong_FromLong diff --git a/Misc/NEWS.d/next/C API/2024-03-20-13-13-22.gh-issue-117021.0Q5jBx.rst b/Misc/NEWS.d/next/C API/2024-03-20-13-13-22.gh-issue-117021.0Q5jBx.rst new file mode 100644 index 00000000000..2f93e1e6da0 --- /dev/null +++ b/Misc/NEWS.d/next/C API/2024-03-20-13-13-22.gh-issue-117021.0Q5jBx.rst @@ -0,0 +1,2 @@ +Fix integer overflow in :c:func:`PyLong_AsPid` on non-Windows 64-bit +platforms. diff --git a/Modules/_testcapimodule.c b/Modules/_testcapimodule.c index a4411d1ea1d..becf203d956 100644 --- a/Modules/_testcapimodule.c +++ b/Modules/_testcapimodule.c @@ -8221,6 +8221,7 @@ PyInit__testcapi(void) PyModule_AddObject(m, "PY_SSIZE_T_MAX", PyLong_FromSsize_t(PY_SSIZE_T_MAX)); PyModule_AddObject(m, "PY_SSIZE_T_MIN", PyLong_FromSsize_t(PY_SSIZE_T_MIN)); PyModule_AddObject(m, "SIZEOF_TIME_T", PyLong_FromSsize_t(sizeof(time_t))); + PyModule_AddObject(m, "SIZEOF_PID_T", PyLong_FromSsize_t(sizeof(pid_t))); PyModule_AddObject(m, "Py_Version", PyLong_FromUnsignedLong(Py_Version)); Py_INCREF(&PyInstanceMethod_Type); PyModule_AddObject(m, "instancemethod", (PyObject *)&PyInstanceMethod_Type);