From 9345dc165c3389208da45d391bf5b2d146302e75 Mon Sep 17 00:00:00 2001 From: "Miss Islington (bot)" <31488909+miss-islington@users.noreply.github.com> Date: Tue, 19 Nov 2024 09:33:18 +0100 Subject: [PATCH] [3.12] gh-126594: Fix typeobject.c wrap_buffer() cast (GH-126754) (#127005) gh-126594: Fix typeobject.c wrap_buffer() cast (GH-126754) Reject flags smaller than INT_MIN. (cherry picked from commit 84f07c3a4cbcfe488ccfb4030571be0bc4de7e45) Co-authored-by: Victor Stinner Co-authored-by: Jelle Zijlstra --- Lib/test/test_buffer.py | 15 +++++++++++++++ Objects/typeobject.c | 6 +++--- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/Lib/test/test_buffer.py b/Lib/test/test_buffer.py index 84a34bccbc9..5f3e8b0ff59 100644 --- a/Lib/test/test_buffer.py +++ b/Lib/test/test_buffer.py @@ -4442,6 +4442,21 @@ class TestBufferProtocol(unittest.TestCase): self.assertEqual(_testcapi.PyBuffer_SizeFromFormat(format), struct.calcsize(format)) + @support.cpython_only + def test_flags_overflow(self): + # gh-126594: Check for integer overlow on large flags + try: + from _testcapi import INT_MIN, INT_MAX + except ImportError: + INT_MIN = -(2 ** 31) + INT_MAX = 2 ** 31 - 1 + + obj = b'abc' + for flags in (INT_MIN - 1, INT_MAX + 1): + with self.subTest(flags=flags): + with self.assertRaises(OverflowError): + obj.__buffer__(flags) + class TestPythonBufferProtocol(unittest.TestCase): def test_basic(self): diff --git a/Objects/typeobject.c b/Objects/typeobject.c index 7c678907ed5..5bca4b4e788 100644 --- a/Objects/typeobject.c +++ b/Objects/typeobject.c @@ -8207,13 +8207,13 @@ wrap_buffer(PyObject *self, PyObject *args, void *wrapped) if (flags == -1 && PyErr_Occurred()) { return NULL; } - if (flags > INT_MAX) { + if (flags > INT_MAX || flags < INT_MIN) { PyErr_SetString(PyExc_OverflowError, - "buffer flags too large"); + "buffer flags out of range"); return NULL; } - return _PyMemoryView_FromBufferProc(self, Py_SAFE_DOWNCAST(flags, Py_ssize_t, int), + return _PyMemoryView_FromBufferProc(self, (int)flags, (getbufferproc)wrapped); }