Issue 21552: String length overflow in Tkinter

➜

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/65751

classification

Title:	String length overflow in Tkinter
Type:	behavior	Stage:	resolved
Components:	Tkinter	Versions:	Python 3.4, Python 3.5, Python 2.7

process

Dependencies:	Superseder:
Status:	closed	Resolution:	fixed
Assigned To:	serhiy.storchaka	Nosy List:	gpolo, loewis, python-dev, serhiy.storchaka
Priority:	normal	Keywords:	patch

Created on 2014年05月22日 14:42 by serhiy.storchaka, last changed 2022年04月11日 14:58 by admin. This issue is now closed.

Files
File name	Uploaded	Description	Edit
tkinter_strlen_overflow.patch	serhiy.storchaka, 2014年05月22日 14:41	review
tkinter_strlen_overflow-2.7.patch	serhiy.storchaka, 2014年05月22日 14:59	Patch for 2.7	review
tkinter_strlen_overflow_alt.patch	serhiy.storchaka, 2014年05月25日 07:04	review

Messages (3)
msg218898 - (view)	Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer)	Date: 2014年05月22日 14:41
Tkinter converts str argument to C string and then pass it to Tcl. But Tcl handles string length as int and it can overflow if strlen() returns value > INT_MAX. Proposed patch introduces special conversion functions which ensure that string length will not overflow. It also corrects error message in getint(), getdouble() and getboolean() methods (e.g. "must be int or str" instead of "must be str") and adds tests for them.
msg219073 - (view)	Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer)	Date: 2014年05月25日 07:04
Here is a little simpler patch. Instead of checking string length in custom converter, it is checked after invocation of PyArg_ParseTuple. Also added bigmem tests.
msg219386 - (view)	Author: Roundup Robot (python-dev) (Python triager)	Date: 2014年05月30日 11:39
New changeset 59468bd68789 by Serhiy Storchaka in branch '2.7': Issue #21552: Fixed possible integer overflow of too long string lengths in http://hg.python.org/cpython/rev/59468bd68789 New changeset a90cddfd9e47 by Serhiy Storchaka in branch '3.4': Issue #21552: Fixed possible integer overflow of too long string lengths in http://hg.python.org/cpython/rev/a90cddfd9e47 New changeset 5b80af12ccb7 by Serhiy Storchaka in branch 'default': Issue #21552: Fixed possible integer overflow of too long string lengths in http://hg.python.org/cpython/rev/5b80af12ccb7 New changeset 8c96af2fba28 by Serhiy Storchaka in branch '2.7': Fixed possible integer overflow in getint, getdouble and getboolean too (issue #21552). http://hg.python.org/cpython/rev/8c96af2fba28

History
Date	User	Action	Args
2022年04月11日 14:58:03	admin	set	github: 65751
2014年06月01日 14:09:49	serhiy.storchaka	set	status: open -> closed resolution: fixed stage: patch review -> resolved
2014年05月30日 11:39:16	python-dev	set	nosy: + python-dev messages: + msg219386
2014年05月25日 07:04:12	serhiy.storchaka	set	files: + tkinter_strlen_overflow_alt.patch messages: + msg219073
2014年05月22日 14:59:13	serhiy.storchaka	set	files: + tkinter_strlen_overflow-2.7.patch
2014年05月22日 14:42:02	serhiy.storchaka	create

homepage