From: Serhiy Storchaka <storchaka@gmail.com>
Date: Mon, 21 Oct 2019 18:40:30 +0000 (+0300)
Subject: [2.7] bpo-38540: Fix possible leak in PyArg_Parse for "es#" and "et#". (GH-16869... 
X-Git-Tag: v2.7.18rc1~26
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ccdfeb7e969bf3aafd43dbe6581c30f66f2b0890;p=thirdparty%2FPython%2Fcpython.git

[2.7] bpo-38540: Fix possible leak in PyArg_Parse for "es#" and "et#". (GH-16869). (GH-16877)

(cherry picked from commit 5bc6a7c06eda20ba131ecba6752be0506d310181)
---

diff --git a/Misc/NEWS.d/next/C API/2019-10-21-09-24-03.bpo-38540.314N_T.rst b/Misc/NEWS.d/next/C API/2019-10-21-09-24-03.bpo-38540.314N_T.rst
new file mode 100644
index 000000000000..1d73ad8fe96e
--- /dev/null
+++ b/Misc/NEWS.d/next/C API/2019-10-21-09-24-03.bpo-38540.314N_T.rst	
@@ -0,0 +1,3 @@
+Fixed possible leak in :c:func:`PyArg_Parse` and similar functions for
+format units ``"es#"`` and ``"et#"`` when the macro
+:c:macro:`PY_SSIZE_T_CLEAN` is not defined.
diff --git a/Python/getargs.c b/Python/getargs.c
index cc1ddde977f5..12ee2486377f 100644
--- a/Python/getargs.c
+++ b/Python/getargs.c
@@ -1156,7 +1156,19 @@ convertsimple(PyObject *arg, const char **p_format, va_list *p_va, int flags,
             memcpy(*buffer,
                    PyString_AS_STRING(s),
                    size + 1);
-            STORE_SIZE(size);
+
+            if (flags & FLAG_SIZE_T) {
+                *q2 = size;
+            }
+            else {
+                if (INT_MAX < size) {
+                    Py_DECREF(s);
+                    PyErr_SetString(PyExc_OverflowError,
+                                    "size does not fit in an int");
+                    return converterr("", arg, msgbuf, bufsize);
+                }
+                *q = (int)size;
+            }
         } else {
             /* Using a 0-terminated buffer: