From: Douglas Bagnall Date: Thu, 29 May 2025 00:58:48 +0000 (+1200) Subject: python:build: do not allow sizeof(int) != 4 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=812998b15ff9130d8f7139e20ac61ac75e68eff0;p=thirdparty%2Fsamba.git python:build: do not allow sizeof(int) != 4 A non-32 bit int will (if the compiler allows it) result in code where we write into memory adjacent to a target uint32_t value in many python bindings using the python arg-parsing API. The more correct thing to do would be to always parse into an unsigned long long and error if it is greater than UINT32_MAX, but we do this in so many places that there is reason to believe we'll just keep adding more. Note, we already check in lib/replace/wscript that int is at least 32 bits; here we are effectively just checking that it is not more. There was apparently a version of 64 bit Solaris in the 1990s that had 64 bit ints. Signed-off-by: Douglas Bagnall Reviewed-by: Jennifer Sutton --- diff --git a/python/wscript b/python/wscript index 7c17e390dc7..b5e509bbf1a 100644 --- a/python/wscript +++ b/python/wscript @@ -72,6 +72,19 @@ def configure(conf): finally: f.close() + # In many places we fill in a uint32_t with an unsigned int, using + # PyArg_ParseTuple("I"), which will overwrite memory if the size + # of the int is not 4. There are no systems on which Samba will + # compile where int is not 32 bit, but we are testing in case this + # changes. + if 'SIZEOF_INT' not in conf.env: + conf.CHECK_SIZEOF('int uint32_t') + sizeof_int = conf.env['SIZEOF_INT'] + sizeof_uint32 = conf.env['SIZEOF_UINT32_T'] + if sizeof_int != sizeof_uint32: + conf.fatal("Samba python bindings won't work with int bigger than uint32_t " + f"(int: {sizeof_int}, uint32_t: {sizeof_uint32}).") + if conf.CONFIG_GET('ENABLE_SELFTEST'): for module, package in selftest_pkgs.items(): find_third_party_module(conf, module, package)