This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: pass big values for arg to fcntl.ioctl
Type: behavior Stage: patch review
Components: Versions: Python 3.10, Python 3.9
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: cfi, mark.dickinson, serhiy.storchaka, twouters, ukl, vstinner
Priority: normal Keywords: patch

Created on 2017-06-14 14:27 by ukl, last changed 2022-04-11 14:58 by admin.

File name Uploaded Description Edit
unsigned-long-arg-for-ioctl.patch ukl, 2017-06-14 14:27
Pull Requests
URL Status Linked Edit
PR 2286 open serhiy.storchaka, 2017-06-20 07:50
Messages (4)
msg296008 - (view) Author: Uwe Kleine-König (ukl) * Date: 2017-06-14 14:27
When passing a big integer value to fcntl.ioctl this might result in

     OverflowError: signed integer is greater than maximum

. Traditionally ioctl(3) takes a pointer as third argument. The fcntl module however uses an int (format specifier 'i') which is too small to hold a pointer on 64 bit architectures.

The fix is to use 'k' (and an unsigned long) instead of 'i' (and an int). An unsigned long is suitable to hold a pointer value on AFAIK all platforms that matter today. (And it works on all platforms where int is already good enough, so the suggested change doesn't do any harm.)

A patch is attached.
msg296242 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2017-06-17 16:32
The FreeBSD [1], OpenBSD [2], and Solaris 10 [3] documentations specify the third argument of ioctl() as either an int or a pointer.

Passing a 64-bit long instead of a 32-bit int on big-endian platform can cause incorrect interpretation of an argument.

msg296307 - (view) Author: Uwe Kleine-König (ukl) * Date: 2017-06-19 08:23
So the only option to fix this is to determine the type of arg from the request parameter? I failed to find the implementation of ioctl for linux in glibc, the best I found is one that only seems to be used on powerpc[1] which seems to assume that the third argument is a pointer. The Linux kernel prototype takes an unsigned long[2] and encodes the size of the data pointed to in the request using _IOC[3]. On hurd there are different macros to determine the type. I'm not fluent in *BSD and Solaris (and other operating systems), so I cannot add specifics for them. I cannot even say which OS that runs Python can run in 64 bit BE mode.

msg296405 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2017-06-20 07:54
PR 2286 uses for the third argument char* on Linux and int or unsigned int on other platforms. It keeps some degree of integer overflow control.
Date User Action Args
2022-04-11 14:58:47adminsetgithub: 74850
2020-05-28 01:38:07ned.deilysetversions: + Python 3.9, Python 3.10, - Python 2.7, Python 3.5, Python 3.6, Python 3.7
2017-06-20 07:54:33serhiy.storchakasetversions: + Python 2.7, Python 3.6, Python 3.7
nosy: + twouters, mark.dickinson

messages: + msg296405

stage: patch review
2017-06-20 07:50:47serhiy.storchakasetpull_requests: + pull_request2334
2017-06-19 08:23:58uklsetmessages: + msg296307
2017-06-17 16:32:21serhiy.storchakasetnosy: + serhiy.storchaka
messages: + msg296242
2017-06-17 15:54:20cfisetnosy: + cfi
2017-06-14 15:02:01vstinnersetnosy: + vstinner
2017-06-14 14:27:52uklcreate