gh-126119: fix some crashes in code objects if `co_stacksize` is absurdly large by picnixz · Pull Request #126122 · python/cpython · GitHub
Open: wants to merge 27 commits into base: main

Commits (27 commits)
dbf3d61
fix overflow in frame's stacksizes
picnixz Oct 29, 2024
a566469
blurb
picnixz Oct 29, 2024
222de28
blurb v2
picnixz Oct 29, 2024
303109b
fix more cases
picnixz Oct 29, 2024
d743a3d
improve test coverage!
picnixz Oct 29, 2024
6b34c22
improve test coverage!
picnixz Oct 29, 2024
update comment
picnixz committed Nov 9, 2024
commit 04abc46ec6b8da3a8ee7dd917ad8aec9e2bc6d1d
11 changes: 5 additions & 6 deletions Objects/codeobject.c
Expand Up @@ -437,16 +437,15 @@ _PyCode_Validate(struct _PyCodeConstructor *con)
return -1;
}
/*
* The framesize = stacksize + nlocalsplus + FRAME_SPECIALS_SIZE is used
* as framesize * sizeof(PyObject *) and assumed to be < INT_MAX. Thus,
* we need to dynamically limit the value of stacksize. Note that this
* usually prevents crashes due to assertions but a MemoryError may still
* be triggered later.
* Since framesize = stacksize + nlocalsplus + FRAME_SPECIALS_SIZE is used
* as framesize * sizeof(PyObject *) and assumed to be < INT_MAX in many
* other places, we need to limit stacksize + nlocalsplus in order to
* avoid overflows.
*
* See https://github.com/python/cpython/issues/126119 for details
* and corresponding PR for the rationale on the upper limit value.
*/
Py_ssize_t limit = (Py_ssize_t)(INT_MAX / 16) - FRAME_SPECIALS_SIZE;
Py_ssize_t limit = (Py_ssize_t)(INT_MAX / 16);
Py_ssize_t nlocalsplus = PyTuple_GET_SIZE(con->localsplusnames);
if (nlocalsplus >= limit || con->stacksize >= limit - nlocalsplus) {
PyErr_SetString(PyExc_OverflowError,
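Review bot: The new `limit = (Py_ssize_t)(INT_MAX / 16)` no longer subtracts FRAME_SPECIALS_SIZE, yet the comment above it still defines framesize as stacksize + nlocalsplus + FRAME_SPECIALS_SIZE and says that framesize * sizeof(PyObject *) is assumed to be < INT_MAX. The check `nlocalsplus >= limit || con->stacksize >= limit - nlocalsplus` now bounds only stacksize + nlocalsplus, so framesize itself can reach limit - 1 + FRAME_SPECIALS_SIZE. If the division by 16 is meant to leave enough headroom to absorb FRAME_SPECIALS_SIZE, the comment should state that explicitly, with the arithmetic, instead of deferring to the PR for the rationale; otherwise the subtraction should stay. The rewritten comment also drops the earlier caveat that a MemoryError may still be triggered later. That sentence is worth keeping, since a reader of this check could otherwise assume that any stacksize that passes validation can actually be allocated.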