Skip to content

gh-111178: fix UBSan failures in Modules/_struct.c #129793

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
picnixz merged 10 commits into from
Feb 23, 2025
Merged

gh-111178: fix UBSan failures in Modules/_struct.c #129793

Changes from 1 commit
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
3a9cc21
fix UBSan failures for `PyStructObject`
picnixz Jan 25, 2025
5613079
suppress unused return values
picnixz Jan 25, 2025
69feffd
fix UBSan failures for `unpackiterobject`
picnixz Jan 25, 2025
0966e86
Merge remote-tracking branch 'upstream/main' into fix/ubsan/struct-11…
picnixz Feb 7, 2025
0e700b0
Do Do not use `_` + capital letter in new code as it is also UB.
picnixz Feb 8, 2025
3483d82
Do not add an underscore to the macro if none is needed.
picnixz Feb 8, 2025
aad1d42
Merge branch 'main' into fix/ubsan/struct-111178
encukou Feb 18, 2025
5c360bd
fix semantic naming
picnixz Feb 22, 2025
27f6364
use better semantic naming
picnixz Feb 23, 2025
9f13d28
revert a space that increased the diff and was more inconsistent
picnixz Feb 23, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
fix UBSan failures for PyStructObject
  • Loading branch information
@picnixz
picnixz committed Jan 25, 2025
commit 3a9cc2120fbcc73c9d70bc3205201c8845307ff2
44 changes: 26 additions & 18 deletions Modules/_struct.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,8 @@ typedef struct {
PyObject *weakreflist; /* List of weak references */
} PyStructObject;

#define PyStruct_Check(op, state) PyObject_TypeCheck(op, (PyTypeObject *)(state)->PyStructType)
#define _PyStructObject_CAST(op) ((PyStructObject *)(op))
#define PyStruct_Check(op, state) PyObject_TypeCheck(op, (PyTypeObject *)(state)->PyStructType)

/* Define various structs to figure out the alignments of types */

Expand Down Expand Up @@ -1853,33 +1854,36 @@ Struct___init___impl(PyStructObject *self, PyObject *format)
}

static int
s_clear(PyStructObject *s)
s_clear(PyObject *op)
{
PyStructObject *s = _PyStructObject_CAST(op);
Py_CLEAR(s->s_format);
return 0;
}

static int
s_traverse(PyStructObject *s, visitproc visit, void *arg)
s_traverse(PyObject *op, visitproc visit, void *arg)
{
PyStructObject *s = _PyStructObject_CAST(op);
Py_VISIT(Py_TYPE(s));
Py_VISIT(s->s_format);
return 0;
}

static void
s_dealloc(PyStructObject *s)
s_dealloc(PyObject *op)
{
PyStructObject *s = _PyStructObject_CAST(op);
PyTypeObject *tp = Py_TYPE(s);
PyObject_GC_UnTrack(s);
if (s->weakreflist != NULL)
PyObject_ClearWeakRefs((PyObject *)s);
if (s->weakreflist != NULL) {
PyObject_ClearWeakRefs(op);
}
if (s->s_codes != NULL) {
PyMem_Free(s->s_codes);
}
Py_XDECREF(s->s_format);
freefunc free_func = PyType_GetSlot(Py_TYPE(s), Py_tp_free);
free_func(s);
tp->tp_free(s);
Py_DECREF(tp);
}

Expand Down Expand Up @@ -2264,7 +2268,7 @@ s_pack(PyObject *self, PyObject *const *args, Py_ssize_t nargs)
_structmodulestate *state = get_struct_state_structinst(self);

/* Validate arguments. */
soself = (PyStructObject *)self;
soself = _PyStructObject_CAST(self);
assert(PyStruct_Check(self, state));
assert(soself->s_codes != NULL);
if (nargs != soself->s_len)
Expand Down Expand Up @@ -2309,7 +2313,7 @@ s_pack_into(PyObject *self, PyObject *const *args, Py_ssize_t nargs)
_structmodulestate *state = get_struct_state_structinst(self);

/* Validate arguments. +1 is for the first arg as buffer. */
soself = (PyStructObject *)self;
soself = _PyStructObject_CAST(self);
assert(PyStruct_Check(self, state));
assert(soself->s_codes != NULL);
if (nargs != (soself->s_len + 2))
Expand Down Expand Up @@ -2395,24 +2399,27 @@ s_pack_into(PyObject *self, PyObject *const *args, Py_ssize_t nargs)
}

static PyObject *
s_get_format(PyStructObject *self, void *unused)
s_get_format(PyObject *op, void *Py_UNUSED(closure))
{
PyStructObject *self = _PyStructObject_CAST(op);
return PyUnicode_FromStringAndSize(PyBytes_AS_STRING(self->s_format),
PyBytes_GET_SIZE(self->s_format));
}

static PyObject *
s_get_size(PyStructObject *self, void *unused)
s_get_size(PyObject *op, void *Py_UNUSED(closure))
{
PyStructObject *self = _PyStructObject_CAST(op);
return PyLong_FromSsize_t(self->s_size);
}

PyDoc_STRVAR(s_sizeof__doc__,
"S.__sizeof__() -> size of S in memory, in bytes");

static PyObject *
s_sizeof(PyStructObject *self, void *unused)
s_sizeof(PyObject *op, PyObject *Py_UNUSED(unused))
{
PyStructObject *self = _PyStructObject_CAST(op);
size_t size = _PyObject_SIZE(Py_TYPE(self)) + sizeof(formatcode);
for (formatcode *code = self->s_codes; code->fmtdef != NULL; code++) {
size += sizeof(formatcode);
Expand All @@ -2421,8 +2428,9 @@ s_sizeof(PyStructObject *self, void *unused)
}

static PyObject *
s_repr(PyStructObject *self)
s_repr(PyObject *op)
{
PyStructObject *self = _PyStructObject_CAST(op);
PyObject* fmt = PyUnicode_FromStringAndSize(
PyBytes_AS_STRING(self->s_format), PyBytes_GET_SIZE(self->s_format));
if (fmt == NULL) {
Expand All @@ -2441,7 +2449,7 @@ static struct PyMethodDef s_methods[] = {
{"pack_into", _PyCFunction_CAST(s_pack_into), METH_FASTCALL, s_pack_into__doc__},
STRUCT_UNPACK_METHODDEF
STRUCT_UNPACK_FROM_METHODDEF
{"__sizeof__", (PyCFunction)s_sizeof, METH_NOARGS, s_sizeof__doc__},
{"__sizeof__", s_sizeof, METH_NOARGS, s_sizeof__doc__},
{NULL, NULL} /* sentinel */
};

Expand All @@ -2451,8 +2459,8 @@ static PyMemberDef s_members[] = {
};

static PyGetSetDef s_getsetlist[] = {
{"format", (getter)s_get_format, (setter)NULL, PyDoc_STR("struct format string"), NULL},
{"size", (getter)s_get_size, (setter)NULL, PyDoc_STR("struct size in bytes"), NULL},
{"format", s_get_format, NULL, PyDoc_STR("struct format string"), NULL},
{"size", s_get_size, NULL, PyDoc_STR("struct size in bytes"), NULL},
{NULL} /* sentinel */
};

Expand Down Expand Up @@ -2508,7 +2516,7 @@ cache_struct_converter(PyObject *module, PyObject *fmt, PyStructObject **ptr)
return 0;
}
if (s_object != NULL) {
*ptr = (PyStructObject *)s_object;
*ptr = _PyStructObject_CAST(s_object);
return Py_CLEANUP_SUPPORTED;
}

Expand Down