From 1efb33a6823b94739e59d6e2fe92e8e703a7fc7d Mon Sep 17 00:00:00 2001 From: Meador Inge Date: Mon, 3 Oct 2011 21:44:22 -0500 Subject: [PATCH] Issue #12881: ctypes: Fix segfault with large structure field names. --- Lib/ctypes/test/test_structures.py | 12 ++++++++++++ Misc/NEWS | 2 ++ Modules/_ctypes/stgdict.c | 8 +++++++- 3 files changed, 21 insertions(+), 1 deletion(-) diff --git a/Lib/ctypes/test/test_structures.py b/Lib/ctypes/test/test_structures.py index e4530d5a759..b6d8b012ff0 100644 --- a/Lib/ctypes/test/test_structures.py +++ b/Lib/ctypes/test/test_structures.py @@ -326,6 +326,18 @@ class Person(Structure): else: self.assertEqual(msg, "(Phone) TypeError: too many initializers") + def test_huge_field_name(self): + # issue12881: segfault with large structure field names + def create_class(length): + class S(Structure): + _fields_ = [('x' * length, c_int)] + + for length in [10 ** i for i in range(0, 8)]: + try: + create_class(length) + except MemoryError: + # MemoryErrors are OK, we just don't want to segfault + pass def get_except(self, func, *args): try: diff --git a/Misc/NEWS b/Misc/NEWS index 42627a26928..aebd899b92c 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -87,6 +87,8 @@ Tests Extension Modules ----------------- +- Issue #12881: ctypes: Fix segfault with large structure field names. + - Issue #13058: ossaudiodev: fix a file descriptor leak on error. Patch by Thomas Jarosch. diff --git a/Modules/_ctypes/stgdict.c b/Modules/_ctypes/stgdict.c index 14dc16fc029..262d0b4897a 100644 --- a/Modules/_ctypes/stgdict.c +++ b/Modules/_ctypes/stgdict.c @@ -496,13 +496,19 @@ PyCStructUnionType_update_stgdict(PyObject *type, PyObject *fields, int isStruct } len = strlen(fieldname) + strlen(fieldfmt); - buf = alloca(len + 2 + 1); + buf = PyMem_Malloc(len + 2 + 1); + if (buf == NULL) { + Py_DECREF(pair); + PyErr_NoMemory(); + return -1; + } sprintf(buf, "%s:%s:", fieldfmt, fieldname); ptr = stgdict->format; stgdict->format = _ctypes_alloc_format_string(stgdict->format, buf); PyMem_Free(ptr); + PyMem_Free(buf); if (stgdict->format == NULL) { Py_DECREF(pair);