diff --git a/Lib/ctypes/test/test_structures.py b/Lib/ctypes/test/test_structures.py index e4530d5a759..b6d8b012ff0 100644 --- a/Lib/ctypes/test/test_structures.py +++ b/Lib/ctypes/test/test_structures.py @@ -326,6 +326,18 @@ class Person(Structure): else: self.assertEqual(msg, "(Phone) TypeError: too many initializers") + def test_huge_field_name(self): + # issue12881: segfault with large structure field names + def create_class(length): + class S(Structure): + _fields_ = [('x' * length, c_int)] + + for length in [10 ** i for i in range(0, 8)]: + try: + create_class(length) + except MemoryError: + # MemoryErrors are OK, we just don't want to segfault + pass def get_except(self, func, *args): try: diff --git a/Misc/NEWS b/Misc/NEWS index 822594c2623..3714c43ab25 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -1303,6 +1303,8 @@ Tools/Demos Extension Modules ----------------- +- Issue #12881: ctypes: Fix segfault with large structure field names. + - Issue #13058: ossaudiodev: fix a file descriptor leak on error. Patch by Thomas Jarosch. diff --git a/Modules/_ctypes/stgdict.c b/Modules/_ctypes/stgdict.c index 63f956bbcaa..e5b0e4c1398 100644 --- a/Modules/_ctypes/stgdict.c +++ b/Modules/_ctypes/stgdict.c @@ -493,13 +493,19 @@ PyCStructUnionType_update_stgdict(PyObject *type, PyObject *fields, int isStruct } len = strlen(fieldname) + strlen(fieldfmt); - buf = alloca(len + 2 + 1); + buf = PyMem_Malloc(len + 2 + 1); + if (buf == NULL) { + Py_DECREF(pair); + PyErr_NoMemory(); + return -1; + } sprintf(buf, "%s:%s:", fieldfmt, fieldname); ptr = stgdict->format; stgdict->format = _ctypes_alloc_format_string(stgdict->format, buf); PyMem_Free(ptr); + PyMem_Free(buf); if (stgdict->format == NULL) { Py_DECREF(pair);