Navigation Menu

Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possible signed integer overflow in slice handling #81127

Closed
ZackerySpytz mannequin opened this issue May 17, 2019 · 7 comments
Closed

Possible signed integer overflow in slice handling #81127

ZackerySpytz mannequin opened this issue May 17, 2019 · 7 comments
Labels
3.7 (EOL) end of life 3.8 only security fixes extension-modules C modules in the Modules dir interpreter-core (Objects, Python, Grammar, and Parser dirs) type-bug An unexpected behavior, bug, or error

Comments

@ZackerySpytz
Copy link
Mannequin

ZackerySpytz mannequin commented May 17, 2019

BPO 36946
Nosy @vadmium, @serhiy-storchaka, @ZackerySpytz, @miss-islington, @isidentical
PRs
  • bpo-36946: Fix possible signed integer overflow when handling slices #13375
  • [3.7] bpo-36946: Fix possible signed integer overflow when handling slices. (GH-13375) #13376
  • bpo-36946:Fix possible signed integer overflow when handling slices #15639
  • [3.7] bpo-36946:Fix possible signed integer overflow when handling slices. (GH-15639) #15729
    		•

    Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = None
closed_at = <Date 2019-09-08.10:54:41.057>
created_at = <Date 2019-05-17.05:48:44.371>
labels = ['extension-modules', 'interpreter-core', '3.8', 'type-bug', '3.7']
title = 'Possible signed integer overflow in slice handling'
updated_at = <Date 2019-09-08.10:54:41.055>
user = 'https://github.com/ZackerySpytz'

    bugs.python.org fields:

    activity = <Date 2019-09-08.10:54:41.055>
actor = 'serhiy.storchaka'
assignee = 'none'
closed = True
closed_date = <Date 2019-09-08.10:54:41.057>
closer = 'serhiy.storchaka'
components = ['Extension Modules', 'Interpreter Core']
creation = <Date 2019-05-17.05:48:44.371>
creator = 'ZackerySpytz'
dependencies = []
files = []
hgrepos = []
issue_num = 36946
keywords = ['patch']
message_count = 7.0
messages = ['342689', '342690', '342691', '350368', '351321', '351323', '351325']
nosy_count = 5.0
nosy_names = ['martin.panter', 'serhiy.storchaka', 'ZackerySpytz', 'miss-islington', 'BTaskaya']
pr_nums = ['13375', '13376', '15639', '15729']
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'behavior'
url = 'https://bugs.python.org/issue36946'
versions = ['Python 3.7', 'Python 3.8']
    @ZackerySpytz
    Copy link
    Mannequin Author

    ZackerySpytz mannequin commented May 17, 2019 

    Python 3.8.0a4+ (heads/master:870b035bc6, May 16 2019, 20:53:02) 
[GCC 9.0.1 20190402 (experimental) [trunk revision 270074]] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import sys
>>> 'hi'[1::sys.maxsize]
Objects/unicodeobject.c:14038:55: runtime error: signed integer overflow: 1 + 9223372036854775807 cannot be represented in type 'long int'
'i'
>>>

    This is because unicode_subscript() performs an extra addition (cur += step) at the end of the for loop (which can overflow). The result of that final addition is not actually used.

    A patch to fix this issue was posted on bpo-1621, but it seems that the patch has been abandoned. The bug is also described in detail in that issue. I have tweaked the patch and will open a PR.

    @ZackerySpytz ZackerySpytz mannequin added 3.7 (EOL) end of life 3.8 only security fixes extension-modules C modules in the Modules dir interpreter-core (Objects, Python, Grammar, and Parser dirs) type-bug An unexpected behavior, bug, or error labels May 17, 2019
    @serhiy-storchaka
    Copy link
    Member

    New changeset 14514d9 by Serhiy Storchaka (Zackery Spytz) in branch 'master':
    bpo-36946: Fix possible signed integer overflow when handling slices. (GH-13375)
    14514d9

    @miss-islington
    Copy link
    Contributor

    New changeset f02d1a4 by Miss Islington (bot) in branch '3.7':
    bpo-36946: Fix possible signed integer overflow when handling slices. (GH-13375)
    f02d1a4

    @isidentical
    Copy link
    Sponsor Member

    Should we close this?

    @serhiy-storchaka
    Copy link
    Member

    New changeset 3c87a66 by Serhiy Storchaka (HongWeipeng) in branch 'master':
    bpo-36946:Fix possible signed integer overflow when handling slices. (GH-15639)
    3c87a66

    @miss-islington
    Copy link
    Contributor

    New changeset 021e5db by Miss Islington (bot) in branch '3.7':
    bpo-36946:Fix possible signed integer overflow when handling slices. (GH-15639)
    021e5db

    @serhiy-storchaka
    Copy link
    Member

    Thank you Zackery and HongWeipeng for your contribution!

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Assignees
    No one assigned
    Labels
    3.7 (EOL) end of life 3.8 only security fixes extension-modules C modules in the Modules dir interpreter-core (Objects, Python, Grammar, and Parser dirs) type-bug An unexpected behavior, bug, or error
    Projects
    None yet
    Milestone
    No milestone
    Development

    No branches or pull requests
    3 participants
    @serhiy-storchaka @miss-islington @isidentical