gh-126594: Fix typeobject.c wrap_buffer() cast (#126754)

Reject flags smaller than INT_MIN.

Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
This commit is contained in:
Victor Stinner 2024-11-19 09:13:20 +01:00 committed by GitHub
parent b3687ad454
commit 84f07c3a4c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 18 additions and 3 deletions

View File

@ -4446,6 +4446,21 @@ class TestBufferProtocol(unittest.TestCase):
self.assertEqual(_testcapi.PyBuffer_SizeFromFormat(format),
struct.calcsize(format))
@support.cpython_only
def test_flags_overflow(self):
# gh-126594: Check for integer overlow on large flags
try:
from _testcapi import INT_MIN, INT_MAX
except ImportError:
INT_MIN = -(2 ** 31)
INT_MAX = 2 ** 31 - 1
obj = b'abc'
for flags in (INT_MIN - 1, INT_MAX + 1):
with self.subTest(flags=flags):
with self.assertRaises(OverflowError):
obj.__buffer__(flags)
class TestPythonBufferProtocol(unittest.TestCase):
def test_basic(self):

View File

@ -9314,13 +9314,13 @@ wrap_buffer(PyObject *self, PyObject *args, void *wrapped)
if (flags == -1 && PyErr_Occurred()) {
return NULL;
}
if (flags > INT_MAX) {
if (flags > INT_MAX || flags < INT_MIN) {
PyErr_SetString(PyExc_OverflowError,
"buffer flags too large");
"buffer flags out of range");
return NULL;
}
return _PyMemoryView_FromBufferProc(self, Py_SAFE_DOWNCAST(flags, Py_ssize_t, int),
return _PyMemoryView_FromBufferProc(self, (int)flags,
(getbufferproc)wrapped);
}