From 936548306d1faefd3b61987ad6486e18b448fe24 Mon Sep 17 00:00:00 2001
From: Iustin Pop
Date: Fri, 1 May 2015 01:02:59 +0200
Subject: [PATCH] Fix a few int/size_t conversion issues

From https://bugzilla.redhat.com/show_bug.cgi?id=1127310: the '#'-variats of parsing (s#, et#, etc.) take a size_t if PY_SSIZE_T_CLEAN is defined (which the code does). On some architectures (little-endian only?) this doesn't seem to be a problem, but on PPC this is a failure in unit tests (at least yay). The patch changes the type of bufsize to Py_ssize_t, and does an explicit cast to size_t with underflow check in order to make the code safer (assuming this is the right thing to do). This should result in no unexpected conversion issues.
---
 xattr.c | 28 ++++++++++++++++++++++++----
 1 file changed, 24 insertions(+), 4 deletions(-)
diff --git a/xattr.c b/xattr.c
index d65601c..6f03716 100644
--- a/xattr.c
+++ b/xattr.c
@@ -614,15 +614,25 @@ pysetxattr(PyObject *self, PyObject *args)
 int nofollow = 0;
 char *attrname = NULL;
 char *buf = NULL;
- int bufsize;
+ Py_ssize_t bufsize_s;
+ size_t bufsize;
 int nret;
 int flags = 0;
 target_t tgt;
 /* Parse the arguments */
 if (!PyArg_ParseTuple(args, "Oetet#|ii", &myarg, NULL, &attrname,
- NULL, &buf, &bufsize, &flags, &nofollow))
+ NULL, &buf, &bufsize_s, &flags, &nofollow))
 return NULL;
+
+ if (bufsize_s < 0) {
+ PyErr_SetString(PyExc_ValueError,
+ "negative value size?!");
+ res = NULL;
+ goto free_arg;
+ }
+ bufsize = (size_t) bufsize_s;
+
 if(convert_obj(myarg, &tgt, nofollow) < 0) {
 res = NULL;
 goto free_arg;
@@ -680,7 +690,8 @@ xattr_set(PyObject *self, PyObject *args, PyObject *keywds)
 int nofollow = 0;
 char *attrname = NULL;
 char *buf = NULL;
- int bufsize;
+ Py_ssize_t bufsize_s;
+ size_t bufsize;
 int nret;
 int flags = 0;
 target_t tgt;
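Review bot: The new `Py_ssize_t bufsize_s` / `size_t bufsize` pair in pysetxattr carries no comment saying why two variables are needed, and the same check-and-cast block is repeated verbatim in the later xattr_set hunk. With PY_SSIZE_T_CLEAN defined, `et#` stores a Py_ssize_t through the length pointer, so the old `int bufsize` would have received a store wider than the object on 64-bit builds; that is worth recording at the declaration, e.g. `/* et# writes a Py_ssize_t (PY_SSIZE_T_CLEAN); keep this type in sync with the format string */`. The `bufsize_s < 0` branch leaves through `free_arg` rather than returning directly, which matches the existing convert_obj failure path, but the label and what it releases are outside the hunk, so confirm that it frees the `et`-allocated `attrname` and `buf`. Any other `#`-format call in xattr.c that still passes an `int *` would have the same defect; only these two functions are visible here.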
@@ -693,8 +704,17 @@ xattr_set(PyObject *self, PyObject *args, PyObject *keywds)
 /* Parse the arguments */
 if (!PyArg_ParseTupleAndKeywords(args, keywds, "Oetet#|ii" BYTES_CHAR, kwlist, &myarg, NULL, &attrname, NULL,
- &buf, &bufsize, &flags, &nofollow, &ns))
+ &buf, &bufsize_s, &flags, &nofollow, &ns))
 return NULL;
+
+ if (bufsize_s < 0) {
+ PyErr_SetString(PyExc_ValueError,
+ "negative value size?!");
+ res = NULL;
+ goto free_arg;
+ }
+ bufsize = (size_t) bufsize_s;
+
 if(convert_obj(myarg, &tgt, nofollow) < 0) {
 res = NULL;
 goto free_arg;
--
2.39.2