Issue 21552: String length overflow in Tkinter [proxy]

The Wayback Machine - https://web.archive.org/web/20210523113758/https://bugs.python.org/issue21552

Issue21552

classification

Title:	String length overflow in Tkinter
Type:	behavior	Stage:	resolved
Components:	Tkinter	Versions:	Python 3.4, Python 3.5, Python 2.7

process

Status:	closed	Resolution:	fixed
Dependencies:		Superseder:
Assigned To:	serhiy.storchaka	Nosy List:	gpolo, loewis, python-dev, serhiy.storchaka
Priority:	normal	Keywords:	patch

Created on 2014-05-22 14:42 by serhiy.storchaka, last changed 2014-06-01 14:09 by serhiy.storchaka. This issue is now closed.

Files
File name	Uploaded	Description	Edit
tkinter_strlen_overflow.patch	serhiy.storchaka, 2014-05-22 14:41		review
tkinter_strlen_overflow-2.7.patch	serhiy.storchaka, 2014-05-22 14:59	Patch for 2.7	review
tkinter_strlen_overflow_alt.patch	serhiy.storchaka, 2014-05-25 07:04		review

Messages (3)
msg218898 - (view)	Author: Serhiy Storchaka (serhiy.storchaka) *	Date: 2014-05-22 14:41
Tkinter converts str argument to C string and then pass it to Tcl. But Tcl handles string length as int and it can overflow if strlen() returns value > INT_MAX. Proposed patch introduces special conversion functions which ensure that string length will not overflow. It also corrects error message in getint(), getdouble() and getboolean() methods (e.g. "must be int or str" instead of "must be str") and adds tests for them.
msg219073 - (view)	Author: Serhiy Storchaka (serhiy.storchaka) *	Date: 2014-05-25 07:04
Here is a little simpler patch. Instead of checking string length in custom converter, it is checked after invocation of PyArg_ParseTuple. Also added bigmem tests.
msg219386 - (view)	Author: Roundup Robot (python-dev)	Date: 2014-05-30 11:39
New changeset 59468bd68789 by Serhiy Storchaka in branch '2.7': Issue #21552: Fixed possible integer overflow of too long string lengths in http://hg.python.org/cpython/rev/59468bd68789 New changeset a90cddfd9e47 by Serhiy Storchaka in branch '3.4': Issue #21552: Fixed possible integer overflow of too long string lengths in http://hg.python.org/cpython/rev/a90cddfd9e47 New changeset 5b80af12ccb7 by Serhiy Storchaka in branch 'default': Issue #21552: Fixed possible integer overflow of too long string lengths in http://hg.python.org/cpython/rev/5b80af12ccb7 New changeset 8c96af2fba28 by Serhiy Storchaka in branch '2.7': Fixed possible integer overflow in getint, getdouble and getboolean too (issue #21552). http://hg.python.org/cpython/rev/8c96af2fba28

History
Date	User	Action	Args
2014-06-01 14:09:49	serhiy.storchaka	set	status: open -> closed resolution: fixed stage: patch review -> resolved
2014-05-30 11:39:16	python-dev	set	nosy: + python-dev messages: + msg219386
2014-05-25 07:04:12	serhiy.storchaka	set	files: + tkinter_strlen_overflow_alt.patch messages: + msg219073
2014-05-22 14:59:13	serhiy.storchaka	set	files: + tkinter_strlen_overflow-2.7.patch
2014-05-22 14:42:02	serhiy.storchaka	create