String length overflow in Tkinter #65751

serhiy-storchaka · 2014-05-22T14:42:03Z

BPO	21552
Nosy	@loewis, @serhiy-storchaka
Files	tkinter_strlen_overflow.patch tkinter_strlen_overflow-2.7.patch: Patch for 2.7 tkinter_strlen_overflow_alt.patch

^{Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.}

Show more details

GitHub fields:

assignee = 'https://github.com/serhiy-storchaka'
closed_at = <Date 2014-06-01.14:09:49.066>
created_at = <Date 2014-05-22.14:42:02.700>
labels = ['type-bug', 'expert-tkinter']
title = 'String length overflow in Tkinter'
updated_at = <Date 2014-06-01.14:09:49.066>
user = 'https://github.com/serhiy-storchaka'

bugs.python.org fields:

activity = <Date 2014-06-01.14:09:49.066>
actor = 'serhiy.storchaka'
assignee = 'serhiy.storchaka'
closed = True
closed_date = <Date 2014-06-01.14:09:49.066>
closer = 'serhiy.storchaka'
components = ['Tkinter']
creation = <Date 2014-05-22.14:42:02.700>
creator = 'serhiy.storchaka'
dependencies = []
files = ['35312', '35313', '35345']
hgrepos = []
issue_num = 21552
keywords = ['patch']
message_count = 3.0
messages = ['218898', '219073', '219386']
nosy_count = 4.0
nosy_names = ['loewis', 'gpolo', 'python-dev', 'serhiy.storchaka']
pr_nums = []
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'behavior'
url = 'https://bugs.python.org/issue21552'
versions = ['Python 2.7', 'Python 3.4', 'Python 3.5']

serhiy-storchaka · 2014-05-22T14:41:59Z

Tkinter converts str argument to C string and then pass it to Tcl. But Tcl handles string length as int and it can overflow if strlen() returns value > INT_MAX. Proposed patch introduces special conversion functions which ensure that string length will not overflow. It also corrects error message in getint(), getdouble() and getboolean() methods (e.g. "must be int or str" instead of "must be str") and adds tests for them.

serhiy-storchaka · 2014-05-25T07:04:07Z

Here is a little simpler patch. Instead of checking string length in custom converter, it is checked after invocation of PyArg_ParseTuple. Also added bigmem tests.

python-dev · 2014-05-30T11:39:17Z

New changeset 59468bd68789 by Serhiy Storchaka in branch '2.7':
Issue bpo-21552: Fixed possible integer overflow of too long string lengths in
http://hg.python.org/cpython/rev/59468bd68789

New changeset a90cddfd9e47 by Serhiy Storchaka in branch '3.4':
Issue bpo-21552: Fixed possible integer overflow of too long string lengths in
http://hg.python.org/cpython/rev/a90cddfd9e47

New changeset 5b80af12ccb7 by Serhiy Storchaka in branch 'default':
Issue bpo-21552: Fixed possible integer overflow of too long string lengths in
http://hg.python.org/cpython/rev/5b80af12ccb7

New changeset 8c96af2fba28 by Serhiy Storchaka in branch '2.7':
Fixed possible integer overflow in getint, getdouble and getboolean too (issue bpo-21552).
http://hg.python.org/cpython/rev/8c96af2fba28

serhiy-storchaka self-assigned this May 22, 2014

serhiy-storchaka added topic-tkinter type-bug An unexpected behavior, bug, or error labels May 22, 2014

serhiy-storchaka closed this as completed Jun 1, 2014

ezio-melotti transferred this issue from another repository Apr 10, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

String length overflow in Tkinter #65751

String length overflow in Tkinter #65751

serhiy-storchaka commented May 22, 2014

serhiy-storchaka commented May 22, 2014

serhiy-storchaka commented May 25, 2014

python-dev mannequin commented May 30, 2014

String length overflow in Tkinter #65751

String length overflow in Tkinter #65751

Comments

serhiy-storchaka commented May 22, 2014

serhiy-storchaka commented May 22, 2014

serhiy-storchaka commented May 25, 2014

python-dev mannequin commented May 30, 2014