From 936548306d1faefd3b61987ad6486e18b448fe24 Mon Sep 17 00:00:00 2001 From: Iustin Pop Date: Fri, 1 May 2015 01:02:59 +0200 Subject: [PATCH] Fix a few int/size_t conversion issues From https://bugzilla.redhat.com/show_bug.cgi?id=1127310: the '#'-variats of parsing (s#, et#, etc.) take a size_t if PY_SSIZE_T_CLEAN is defined (which the code does). On some architectures (little-endian only?) this doesn't seem to be a problem, but on PPC this is a failure in unit tests (at least yay). The patch changes the type of bufsize to Py_ssize_t, and does an explicit cast to size_t with underflow check in order to make the code safer (assuming this is the right thing to do). This should result in no unexpected conversion issues. --- xattr.c | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/xattr.c b/xattr.c index d65601c..6f03716 100644 --- a/xattr.c +++ b/xattr.c @@ -614,15 +614,25 @@ pysetxattr(PyObject *self, PyObject *args) int nofollow = 0; char *attrname = NULL; char *buf = NULL; - int bufsize; + Py_ssize_t bufsize_s; + size_t bufsize; int nret; int flags = 0; target_t tgt; /* Parse the arguments */ if (!PyArg_ParseTuple(args, "Oetet#|ii", &myarg, NULL, &attrname, - NULL, &buf, &bufsize, &flags, &nofollow)) + NULL, &buf, &bufsize_s, &flags, &nofollow)) return NULL; + + if (bufsize_s < 0) { + PyErr_SetString(PyExc_ValueError, + "negative value size?!"); + res = NULL; + goto free_arg; + } + bufsize = (size_t) bufsize_s; + if(convert_obj(myarg, &tgt, nofollow) < 0) { res = NULL; goto free_arg; @@ -680,7 +690,8 @@ xattr_set(PyObject *self, PyObject *args, PyObject *keywds) int nofollow = 0; char *attrname = NULL; char *buf = NULL; - int bufsize; + Py_ssize_t bufsize_s; + size_t bufsize; int nret; int flags = 0; target_t tgt; @@ -693,8 +704,17 @@ xattr_set(PyObject *self, PyObject *args, PyObject *keywds) /* Parse the arguments */ if (!PyArg_ParseTupleAndKeywords(args, keywds, "Oetet#|ii" BYTES_CHAR, kwlist, &myarg, NULL, &attrname, NULL, - &buf, &bufsize, &flags, &nofollow, &ns)) + &buf, &bufsize_s, &flags, &nofollow, &ns)) return NULL; + + if (bufsize_s < 0) { + PyErr_SetString(PyExc_ValueError, + "negative value size?!"); + res = NULL; + goto free_arg; + } + bufsize = (size_t) bufsize_s; + if(convert_obj(myarg, &tgt, nofollow) < 0) { res = NULL; goto free_arg; -- 2.39.5