Issue 36436: _testcapi.pymem_buffer_overflow() doesn't handle memory allocation failure (original) (raw)

Issue36436

Created on 2019-03-26 12:35 by wjq-security, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Messages (6)
msg338875 - (view)	Author: wangjiangqiang (wjq-security)	Date: 2019-03-26 12:35
In Modules/_testcapimodule.c line 4186 and 4187. Allocated memory is used without null check.
msg338878 - (view)	Author: Karthikeyan Singaravelan (xtreak) *	Date: 2019-03-26 12:41
_testcapimodule.c is mostly imported as _testcapi in tests. I am not sure this is a security issue.
msg338880 - (view)	Author: STINNER Victor (vstinner) *	Date: 2019-03-26 12:51
> _testcapimodule.c is mostly imported as _testcapi in tests. I am not sure this is a security issue. The function triggers a memory overflow on purpose. Handling memory allocation failure is the least of your problem if you call this function :-) The whole module is designed to testing purpose only. "_" prefix in "_testapi" means that it must not be used. It's not documented on purpose. Attached PR fix the bug.
msg338888 - (view)	Author: STINNER Victor (vstinner) *	Date: 2019-03-26 13:35
New changeset 414b1cde93764cdabb0798b02af4dd7df954424d by Victor Stinner in branch 'master': bpo-36436: Fix _testcapi.pymem_buffer_overflow() (GH-12560) https://github.com/python/cpython/commit/414b1cde93764cdabb0798b02af4dd7df954424d
msg338898 - (view)	Author: miss-islington (miss-islington)	Date: 2019-03-26 15:39
New changeset 20fde53a25aefd076d8478f67d6db3908459c6f3 by Miss Islington (bot) in branch '3.7': bpo-36436: Fix _testcapi.pymem_buffer_overflow() (GH-12560) https://github.com/python/cpython/commit/20fde53a25aefd076d8478f67d6db3908459c6f3
msg338912 - (view)	Author: STINNER Victor (vstinner) *	Date: 2019-03-26 18:35
Thanks for your bug report. It is now fixed.