8000 py/objint: Fix int.to_bytes() buffer size checks. by projectgus · Pull Request #13087 · micropython/micropython · GitHub
[go: up one dir, main page]
Skip to content

py/objint: Fix int.to_bytes() buffer size checks. #13087

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 24, 2024
Merged

py/objint: Fix int.to_bytes() buffer size checks. #13087

merged 2 commits into from
Jun 24, 2024

Conversation

projectgus
Copy link
Contributor
@projectgus projectgus commented Nov 29, 2023
edited
Loading

This "little fix" ended up growing and growing, so this might be too much code size impact. In which case this should be closed. There's a much smaller patch which only fixes the first point from the list below.

  • No longer overflows if byte size is 0 (closes heap-buffer-overfl 10000 ow: from 0 length int_to_bytes #13041)
  • Raises OverflowError in any case where number won't fit into byte length. (Now matches CPython, previously MicroPython would return a truncated bytes object.)
  • Document that micropython int.to_bytes() doesn't implement the optional signed kwarg, but will behave as if signed=True when the integer is negative (this is the current behaviour). Add tests for this also.

Changes are implemented for small ints, MPZ large ints, and "long long" large ints.

Adds a new set of unit tests for ints between 32 and 64 bits to increase coverage of "long long" large ints, which are otherwise untested.

Tested on unix port (64 bit small ints, MPZ long ints) and Zephyr STM32WB board (32 bit small ints, long long large ints).

Untested on a port whose native format is big endian (don't have one at hand).

This work was funded through GitHub Sponsors.

@github-actions GitHub Actions
Copy link
github-actions bot commented Nov 29, 2023
edited
Loading

Code size report:

   bare-arm:   +80 +0.141% 
minimal x86:  +152 +0.081% 
   unix x64:  +232 +0.028% standard
      stm32:  +156 +0.040% PYBV10
     mimxrt:  +152 +0.042% TEENSY40
        rp2:  +168 +0.019% RPI_PICO_W
       samd:  +148 +0.056% ADAFRUIT_ITSYBITSY_M4_EXPRESS

@codecov Codecov
Copy link
codecov bot commented Nov 29, 2023
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 98.42%. Comparing base (cebc9b0) to head (908ab1c).

Additional details and impacted files 
@@           Coverage Diff           @@
##           master   #13087   +/-   ##
=======================================
  Coverage   98.42%   98.42%           
=======================================
  Files         161      161           
  Lines       21234    21248   +14     
=======================================
+ Hits        20900    20914   +14     
  Misses        334      334

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@projectgus projectgus marked this pull request as draft November 29, 2023 02:50
@dpgeorge dpgeorge added the py-core Relates to py/ directory in source label Jan 16, 2024
@projectgus projectgus force-pushed the bugfix/int_to_bytes branch 4 times, most recently from d509c0b to c97d353 Compare April 10, 2024 03:52
@projectgus projectgus marked this pull request as ready for review April 10, 2024 04:07
@projectgus projectgus mentioned this pull request Apr 10, 2024
Closed
4 tasks
@dpgeorge dpgeorge added this to the release-1.24.0 milestone Apr 21, 2024
@projectgus projectgus force-pushed the bugfix/int_to_bytes branch 2 times, most recently from 262a9ab to fe533a8 Compare April 30, 2024 07:18
@projectgus projectgus mentioned this pull request Apr 30, 2024
Merged
@projectgus projectgus force-pushed the bugfix/int_to_bytes branch 7 times, most recently from dc8c049 to ed3a113 Compare May 1, 2024 06:18
projectgus
projectgus commented May 1, 2024
View reviewed changes
py/objint.c
int slen = MP_INT_REPR_LEN(val, val < 0);
memset(data, val < 0 ? 0xFF : 0x00, dlen);
if (slen <= dlen) {
mp_binary_set_int(slen, big_endian, data + (big_endian ? (dlen - slen) : 0), val);
Copy link
Contributor Author
@projectgus projectgus Apr 16, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For later consideration (not this PR): can mp_binary_set_val and this function be combined to save size?

py/misc.h
} else {
return mp_clzll(x);
}
}
Copy link
Contributor Author
@projectgus projectgus May 1, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't really like this approach but it seems the least bad that works across all configurations and isn't too intrusive.

The other way I thought to do it was to only define mp_clz32() and mp_clz64() and then have each port define MP_SIZEOF_INT or a similar macro.

@projectgus
Copy link
Contributor Author

@dpgeorge Finally found a combination that works across all ports, I think!

@agatti agatti mentioned this pull request May 17, 2024
Closed
@dpgeorge
Copy link
Member

We need to go with the fixes here, even though they are relatively large in size. Otherwise there are subtle bugs in the integer/byte conversion.

@projectgus @dpgeorge
py/misc: Move mp_clz and mp_ctz intrinsics into misc.h.
d933210 
Signed-off-by: Angus Gratton <angus@redyak.com.au>
@projectgus @dpgeorge
py/objint: Fix int.to_bytes() buffer size checks.
908ab1c 
Fixes and improvements to `int.to_bytes()` are:
- No longer overflows if byte size is 0 (closes micropython#13041).
- Raises OverflowError in any case where number won't fit into byte length
  (now matches CPython, previously MicroPython would return a truncated
  bytes object).
- Document that `micropython int.to_bytes()` doesn't implement the optional
  signed kwarg, but will behave as if `signed=True` when the integer is
  negative (this is the current behaviour).  Add tests for this also.

Requires changes for small ints, MPZ large ints, and "long long" large
ints.

Adds a new set of unit tests for ints between 32 and 64 bits to increase
coverage of "long long" large ints, which are otherwise untested.

Tested on unix port (64 bit small ints, MPZ long ints) and Zephyr STM32WB
board (32 bit small ints, long long large ints).

This work was funded through GitHub Sponsors.

Signed-off-by: Angus Gratton <angus@redyak.com.au>
@dpgeorge dpgeorge force-pushed the bugfix/int_to_bytes branch from ed3a113 to 908ab1c Compare June 24, 2024 04:23
@dpgeorge dpgeorge merged commit 908ab1c into micropython:master Jun 24, 2024
63 of 64 checks passed
@projectgus projectgus deleted the bugfix/int_to_bytes branch November 1, 2024 05:12
@projectgus projectgus restored the bugfix/int_to_bytes branch November 1, 2024 05:12
@projectgus projectgus deleted the bugfix/int_to_bytes branch November 1, 2024 05:12
@projectgus projectgus mentioned this pull request Nov 27, 2024
Draft
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
py-core Relates to py/ directory in source
Projects
None yet
Milestone
release-1.24.0
Development

Successfully merging this pull request may close these issues.

heap-buffer-overflow: from 0 length int_to_bytes
2 participants
@projectgus @dpgeorge
0