Possible (benign) overflow for 'K' format code in do_mkvalue #132909

picnixz opened this issue Apr 25, 2025 · 1 comment
Labels: interpreter-core (Objects, Python, Grammar, and Parser dirs), topic-C-API, type-bug (An unexpected behavior, bug, or error)

picnixz commented Apr 25, 2025

Bug report

Bug description:

This is probably not an issue but here are the known "temporary" overflows:

```c
// format = 'K'
return PyLong_FromUnsignedLongLong((long long)va_arg(*p_va, unsigned long long));
```

Note that va_arg(*p_va, unsigned long long) will be converted into an unsigned long long, and then into a long long, and then back to an unsigned long long. So if we were to have an overflow here, it shouldn't really matter. Indeed, take v = (1ULL << 63) + 2. We have:

```c
unsigned long long v2 = va_arg(*p_va, unsigned long long);
// v2 = 9223372036854775810
long long v3 = (long long)v2;
// v3 = -9223372036854775806
PyObject *v4 = PyLong_FromUnsignedLongLong(v3);
// v4 = 9223372036854775810 as PyObject as v3 was cast back to an unsigned long long
```

CPython versions tested on:

CPython main branch

Operating systems tested on:

No response

@picnixz picnixz added interpreter-core (Objects, Python, Grammar, and Parser dirs) type-bug An unexpected behavior, bug, or error labels Apr 25, 2025
@picnixz picnixz self-assigned this Apr 25, 2025
@serhiy-storchaka

wchar_t is at least 2 bytes on platforms supported by Python. wcslen() never returns a result larger than SSIZE_MAX = SIZE_MAX/2.

@picnixz picnixz changed the title Possible (benign) overflows for 'K' and 'u' format codes in do_mkvalue Possible (benign) overflow for 'K' format codes in do_mkvalue Apr 25, 2025
@picnixz picnixz changed the title Possible (benign) overflow for 'K' format codes in do_mkvalue Possible (benign) overflow for 'K' format code in do_mkvalue Apr 25, 2025
picnixz added a commit that referenced this issue Apr 25, 2025
@picnixz picnixz closed this as completed Apr 25, 2025
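
Added example (not part of the issue thread or of CPython's code): a stand-alone C check of the round trip described in the report, comparing a varargs read with the intermediate `(long long)` cast against one without it over constructed boundary values. `take_ull`, `read_k_with_cast`, `read_k_plain` and `count_mismatches` are hypothetical names; `take_ull` stands in for `PyLong_FromUnsignedLongLong()`, of which only the `unsigned long long` parameter type matters here.

```c
#include <limits.h>
#include <stdarg.h>
#include <stdio.h>

/* Hypothetical stand-in for PyLong_FromUnsignedLongLong(): only its
   parameter type (unsigned long long) matters for the conversion. */
static unsigned long long take_ull(unsigned long long v) { return v; }

/* Reads one argument with the (long long) cast, as in the quoted line. */
unsigned long long read_k_with_cast(int n, ...)
{
    va_list va;
    va_start(va, n);
    /* unsigned -> signed is implementation-defined when out of range;
       signed -> unsigned (at the call) is defined modulo ULLONG_MAX + 1. */
    unsigned long long r = take_ull((long long)va_arg(va, unsigned long long));
    va_end(va);
    return r;
}

/* Same read without the intermediate cast. */
unsigned long long read_k_plain(int n, ...)
{
    va_list va;
    va_start(va, n);
    unsigned long long r = take_ull(va_arg(va, unsigned long long));
    va_end(va);
    return r;
}

/* Constructed boundary values; returns how many differ between the two reads. */
int count_mismatches(void)
{
    const unsigned long long samples[] = {
        0ULL, 1ULL, (unsigned long long)LLONG_MAX,
        1ULL << 63, (1ULL << 63) + 2, ULLONG_MAX
    };
    int bad = 0;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        if (read_k_with_cast(1, samples[i]) != read_k_plain(1, samples[i]))
            bad++;
    return bad;
}

int main(void)
{
    printf("mismatches: %d\n", count_mismatches());
    return 0;
}
```

The result depends on the compiler converting out-of-range values to `long long` by wrapping, which ISO C leaves implementation-defined; dropping the cast removes that dependency.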