From 025e5f2b339377ebc54ebc9cab2612946145a6fa Mon Sep 17 00:00:00 2001 From: Damien George Date: Thu, 17 Aug 2017 16:16:11 +1000 Subject: [PATCH] py/binary: Change internal bytearray typecode from 0 to 1. The value of 0 can't be used because otherwise mp_binary_get_size will let a null byte through as the type code (intepreted as byterray). This can lead to invalid type-specifier strings being let through without an error in the struct module, and even buffer overruns. --- py/binary.h | 5 +++-- tests/basics/struct2.py | 27 +++++++++++++++++++++++++++ 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/py/binary.h b/py/binary.h index 7b5c60f1ac..0dae6a29e6 100644 --- a/py/binary.h +++ b/py/binary.h @@ -29,8 +29,9 @@ #include "py/obj.h" // Use special typecode to differentiate repr() of bytearray vs array.array('B') -// (underlyingly they're same). -#define BYTEARRAY_TYPECODE 0 +// (underlyingly they're same). Can't use 0 here because that's used to detect +// type-specification errors due to end-of-string. +#define BYTEARRAY_TYPECODE 1 size_t mp_binary_get_size(char struct_type, char val_type, mp_uint_t *palign); mp_obj_t mp_binary_get_val_array(char typecode, void *p, mp_uint_t index); diff --git a/tests/basics/struct2.py b/tests/basics/struct2.py index d8234d0d36..3b9dd5c1f6 100644 --- a/tests/basics/struct2.py +++ b/tests/basics/struct2.py @@ -40,3 +40,30 @@ try: struct.calcsize('0z') except: print('Exception') + +# check that a count without a type specifier raises an exception + +try: + struct.calcsize('1') +except: + print('Exception') + +try: + struct.pack('1') +except: + print('Exception') + +try: + struct.pack_into('1', bytearray(4), 0, 'xx') +except: + print('Exception') + +try: + struct.unpack('1', 'xx') +except: + print('Exception') + +try: + struct.unpack_from('1', 'xx') +except: + print('Exception')