mirror of
https://github.com/micropython/micropython.git
synced 2025-07-21 21:11:12 +02:00
extmod/moductypes: Validate the descriptor tuple.
Some checks are pending
JavaScript code lint and formatting with Biome / eslint (push) Waiting to run
Check code formatting / code-formatting (push) Waiting to run
Check code size / build (push) Waiting to run
Check spelling with codespell / codespell (push) Waiting to run
Check commit message formatting / build (push) Waiting to run
Build docs / build (push) Waiting to run
Check examples / embedding (push) Waiting to run
Package mpremote / build (push) Waiting to run
.mpy file format and tools / test (push) Waiting to run
Build ports metadata / build (push) Waiting to run
cc3200 port / build (push) Waiting to run
esp32 port / build_idf (esp32_build_cmod_spiram_s2) (push) Waiting to run
esp32 port / build_idf (esp32_build_s3_c3) (push) Waiting to run
esp8266 port / build (push) Waiting to run
mimxrt port / build (push) Waiting to run
nrf port / build (push) Waiting to run
powerpc port / build (push) Waiting to run
qemu-arm port / build_and_test (push) Waiting to run
qemu-riscv port / build_and_test (push) Waiting to run
renesas-ra port / build_renesas_ra_board (push) Waiting to run
rp2 port / build (push) Waiting to run
samd port / build (push) Waiting to run
stm32 port / build_stm32 (stm32_misc_build) (push) Waiting to run
stm32 port / build_stm32 (stm32_nucleo_build) (push) Waiting to run
stm32 port / build_stm32 (stm32_pyb_build) (push) Waiting to run
unix port / minimal (push) Waiting to run
unix port / reproducible (push) Waiting to run
unix port / standard (push) Waiting to run
unix port / standard_v2 (push) Waiting to run
unix port / coverage (push) Waiting to run
unix port / coverage_32bit (push) Waiting to run
unix port / nanbox (push) Waiting to run
unix port / float (push) Waiting to run
unix port / stackless_clang (push) Waiting to run
unix port / float_clang (push) Waiting to run
unix port / settrace (push) Waiting to run
unix port / settrace_stackless (push) Waiting to run
unix port / macos (push) Waiting to run
unix port / qemu_mips (push) Waiting to run
unix port / qemu_arm (push) Waiting to run
webassembly port / build (push) Waiting to run
windows port / build-vs (Debug, x64, windows-2022, dev, 2022, [17, 18)) (push) Waiting to run
windows port / build-vs (Debug, x64, windows-latest, dev, 2017, [15, 16)) (push) Waiting to run
windows port / build-vs (Debug, x86, windows-2022, dev, 2022, [17, 18)) (push) Waiting to run
windows port / build-vs (Debug, x86, windows-latest, dev, 2017, [15, 16)) (push) Waiting to run
windows port / build-vs (Release, x64, windows-2019, dev, 2019, [16, 17)) (push) Waiting to run
windows port / build-vs (Release, x64, windows-2019, standard, 2019, [16, 17)) (push) Waiting to run
windows port / build-vs (Release, x64, windows-2022, dev, 2022, [17, 18)) (push) Waiting to run
windows port / build-vs (Release, x64, windows-2022, standard, 2022, [17, 18)) (push) Waiting to run
windows port / build-vs (Release, x64, windows-latest, dev, 2017, [15, 16)) (push) Waiting to run
windows port / build-vs (Release, x64, windows-latest, standard, 2017, [15, 16)) (push) Waiting to run
windows port / build-vs (Release, x86, windows-2019, dev, 2019, [16, 17)) (push) Waiting to run
windows port / build-vs (Release, x86, windows-2019, standard, 2019, [16, 17)) (push) Waiting to run
windows port / build-vs (Release, x86, windows-2022, dev, 2022, [17, 18)) (push) Waiting to run
windows port / build-vs (Release, x86, windows-2022, standard, 2022, [17, 18)) (push) Waiting to run
windows port / build-vs (Release, x86, windows-latest, dev, 2017, [15, 16)) (push) Waiting to run
windows port / build-vs (Release, x86, windows-latest, standard, 2017, [15, 16)) (push) Waiting to run
windows port / build-mingw (i686, mingw32, dev) (push) Waiting to run
windows port / build-mingw (i686, mingw32, standard) (push) Waiting to run
windows port / build-mingw (x86_64, mingw64, dev) (push) Waiting to run
windows port / build-mingw (x86_64, mingw64, standard) (push) Waiting to run
windows port / cross-build-on-linux (push) Waiting to run
zephyr port / build (push) Waiting to run
Python code lint and formatting with ruff / ruff (push) Waiting to run
Some checks are pending
JavaScript code lint and formatting with Biome / eslint (push) Waiting to run
Check code formatting / code-formatting (push) Waiting to run
Check code size / build (push) Waiting to run
Check spelling with codespell / codespell (push) Waiting to run
Check commit message formatting / build (push) Waiting to run
Build docs / build (push) Waiting to run
Check examples / embedding (push) Waiting to run
Package mpremote / build (push) Waiting to run
.mpy file format and tools / test (push) Waiting to run
Build ports metadata / build (push) Waiting to run
cc3200 port / build (push) Waiting to run
esp32 port / build_idf (esp32_build_cmod_spiram_s2) (push) Waiting to run
esp32 port / build_idf (esp32_build_s3_c3) (push) Waiting to run
esp8266 port / build (push) Waiting to run
mimxrt port / build (push) Waiting to run
nrf port / build (push) Waiting to run
powerpc port / build (push) Waiting to run
qemu-arm port / build_and_test (push) Waiting to run
qemu-riscv port / build_and_test (push) Waiting to run
renesas-ra port / build_renesas_ra_board (push) Waiting to run
rp2 port / build (push) Waiting to run
samd port / build (push) Waiting to run
stm32 port / build_stm32 (stm32_misc_build) (push) Waiting to run
stm32 port / build_stm32 (stm32_nucleo_build) (push) Waiting to run
stm32 port / build_stm32 (stm32_pyb_build) (push) Waiting to run
unix port / minimal (push) Waiting to run
unix port / reproducible (push) Waiting to run
unix port / standard (push) Waiting to run
unix port / standard_v2 (push) Waiting to run
unix port / coverage (push) Waiting to run
unix port / coverage_32bit (push) Waiting to run
unix port / nanbox (push) Waiting to run
unix port / float (push) Waiting to run
unix port / stackless_clang (push) Waiting to run
unix port / float_clang (push) Waiting to run
unix port / settrace (push) Waiting to run
unix port / settrace_stackless (push) Waiting to run
unix port / macos (push) Waiting to run
unix port / qemu_mips (push) Waiting to run
unix port / qemu_arm (push) Waiting to run
webassembly port / build (push) Waiting to run
windows port / build-vs (Debug, x64, windows-2022, dev, 2022, [17, 18)) (push) Waiting to run
windows port / build-vs (Debug, x64, windows-latest, dev, 2017, [15, 16)) (push) Waiting to run
windows port / build-vs (Debug, x86, windows-2022, dev, 2022, [17, 18)) (push) Waiting to run
windows port / build-vs (Debug, x86, windows-latest, dev, 2017, [15, 16)) (push) Waiting to run
windows port / build-vs (Release, x64, windows-2019, dev, 2019, [16, 17)) (push) Waiting to run
windows port / build-vs (Release, x64, windows-2019, standard, 2019, [16, 17)) (push) Waiting to run
windows port / build-vs (Release, x64, windows-2022, dev, 2022, [17, 18)) (push) Waiting to run
windows port / build-vs (Release, x64, windows-2022, standard, 2022, [17, 18)) (push) Waiting to run
windows port / build-vs (Release, x64, windows-latest, dev, 2017, [15, 16)) (push) Waiting to run
windows port / build-vs (Release, x64, windows-latest, standard, 2017, [15, 16)) (push) Waiting to run
windows port / build-vs (Release, x86, windows-2019, dev, 2019, [16, 17)) (push) Waiting to run
windows port / build-vs (Release, x86, windows-2019, standard, 2019, [16, 17)) (push) Waiting to run
windows port / build-vs (Release, x86, windows-2022, dev, 2022, [17, 18)) (push) Waiting to run
windows port / build-vs (Release, x86, windows-2022, standard, 2022, [17, 18)) (push) Waiting to run
windows port / build-vs (Release, x86, windows-latest, dev, 2017, [15, 16)) (push) Waiting to run
windows port / build-vs (Release, x86, windows-latest, standard, 2017, [15, 16)) (push) Waiting to run
windows port / build-mingw (i686, mingw32, dev) (push) Waiting to run
windows port / build-mingw (i686, mingw32, standard) (push) Waiting to run
windows port / build-mingw (x86_64, mingw64, dev) (push) Waiting to run
windows port / build-mingw (x86_64, mingw64, standard) (push) Waiting to run
windows port / cross-build-on-linux (push) Waiting to run
zephyr port / build (push) Waiting to run
Python code lint and formatting with ruff / ruff (push) Waiting to run
Fixes various null dereferencing, out-of-bounds memory accesses and `assert(0)` failures in the case of an invalid `uctypes` descriptor. By design `uctypes` can crash because it accesses arbitrary memory, but at least describing the descriptor layout should be forced to be correct and not crash. Fixes issue #12702. Signed-off-by: stijn <stijn@ignitron.net>
This commit is contained in:
stijn
Damien George
@@ -143,6 +143,10 @@ static inline mp_uint_t uctypes_struct_scalar_size(int val_type) {
|
|||||||
|
|
||||||
// Get size of aggregate type descriptor
|
// Get size of aggregate type descriptor
|
||||||
static mp_uint_t uctypes_struct_agg_size(mp_obj_tuple_t *t, int layout_type, mp_uint_t *max_field_size) {
|
static mp_uint_t uctypes_struct_agg_size(mp_obj_tuple_t *t, int layout_type, mp_uint_t *max_field_size) {
|
||||||
|
if (t->len == 0) {
|
||||||
|
syntax_error();
|
||||||
|
}
|
||||||
|
|
||||||
mp_uint_t total_size = 0;
|
mp_uint_t total_size = 0;
|
||||||
|
|
||||||
mp_int_t offset_ = MP_OBJ_SMALL_INT_VALUE(t->items[0]);
|
mp_int_t offset_ = MP_OBJ_SMALL_INT_VALUE(t->items[0]);
|
||||||
@@ -150,8 +154,15 @@ static mp_uint_t uctypes_struct_agg_size(mp_obj_tuple_t *t, int layout_type, mp_
|
|||||||
|
|
||||||
switch (agg_type) {
|
switch (agg_type) {
|
||||||
case STRUCT:
|
case STRUCT:
|
||||||
|
if (t->len != 2) {
|
||||||
|
syntax_error();
|
||||||
|
}
|
||||||
return uctypes_struct_size(t->items[1], layout_type, max_field_size);
|
return uctypes_struct_size(t->items[1], layout_type, max_field_size);
|
||||||
case PTR:
|
case PTR:
|
||||||
|
// Second field ignored, but should still be present for consistency.
|
||||||
|
if (t->len != 2) {
|
||||||
|
syntax_error();
|
||||||
|
}
|
||||||
if (sizeof(void *) > *max_field_size) {
|
if (sizeof(void *) > *max_field_size) {
|
||||||
*max_field_size = sizeof(void *);
|
*max_field_size = sizeof(void *);
|
||||||
}
|
}
|
||||||
@@ -167,15 +178,17 @@ static mp_uint_t uctypes_struct_agg_size(mp_obj_tuple_t *t, int layout_type, mp_
|
|||||||
if (item_s > *max_field_size) {
|
if (item_s > *max_field_size) {
|
||||||
*max_field_size = item_s;
|
*max_field_size = item_s;
|
||||||
}
|
}
|
||||||
} else {
|
} else if (t->len == 3) {
|
||||||
// Elements of array are aggregates
|
// Elements of array are aggregates
|
||||||
item_s = uctypes_struct_size(t->items[2], layout_type, max_field_size);
|
item_s = uctypes_struct_size(t->items[2], layout_type, max_field_size);
|
||||||
|
} else {
|
||||||
|
syntax_error();
|
||||||
}
|
}
|
||||||
|
|
||||||
return item_s * arr_sz;
|
return item_s * arr_sz;
|
||||||
}
|
}
|
||||||
default:
|
default:
|
||||||
assert(0);
|
syntax_error();
|
||||||
}
|
}
|
||||||
|
|
||||||
return total_size;
|
return total_size;
|
||||||
|
|||||||
@@ -43,8 +43,47 @@ assert uctypes.sizeof(S.arr4) == 6
|
|||||||
print(uctypes.sizeof(S.sub))
|
print(uctypes.sizeof(S.sub))
|
||||||
assert uctypes.sizeof(S.sub) == 1
|
assert uctypes.sizeof(S.sub) == 1
|
||||||
|
|
||||||
# invalid descriptor
|
# invalid descriptors
|
||||||
try:
|
try:
|
||||||
print(uctypes.sizeof([]))
|
print(uctypes.sizeof([]))
|
||||||
except TypeError:
|
except TypeError:
|
||||||
print("TypeError")
|
print("TypeError")
|
||||||
|
|
||||||
|
try:
|
||||||
|
print(uctypes.sizeof(()))
|
||||||
|
except TypeError:
|
||||||
|
print("TypeError")
|
||||||
|
|
||||||
|
try:
|
||||||
|
print(uctypes.sizeof(("garbage",)))
|
||||||
|
except TypeError:
|
||||||
|
print("TypeError")
|
||||||
|
|
||||||
|
try:
|
||||||
|
# PTR * 3 is intended to be an invalid agg_type (STRUCT, PTR, ARRAY are valid ones).
|
||||||
|
print(uctypes.sizeof((uctypes.PTR * 3,)))
|
||||||
|
except TypeError:
|
||||||
|
print("TypeError")
|
||||||
|
|
||||||
|
try:
|
||||||
|
print(uctypes.sizeof((0, {}, "garbage")))
|
||||||
|
except TypeError:
|
||||||
|
print("TypeError")
|
||||||
|
|
||||||
|
try:
|
||||||
|
print(uctypes.sizeof((uctypes.PTR | 0,)))
|
||||||
|
except TypeError:
|
||||||
|
print("TypeError")
|
||||||
|
|
||||||
|
try:
|
||||||
|
print(uctypes.sizeof((uctypes.ARRAY | 0,)))
|
||||||
|
except TypeError:
|
||||||
|
print("TypeError")
|
||||||
|
|
||||||
|
try:
|
||||||
|
print(uctypes.sizeof((uctypes.ARRAY | 0, 1, {}, "garbage")))
|
||||||
|
except TypeError:
|
||||||
|
print("TypeError")
|
||||||
|
|
||||||
|
# empty descriptor
|
||||||
|
print(uctypes.sizeof({}))
|
||||||
|
|||||||
@@ -5,3 +5,11 @@ TypeError
|
|||||||
6
|
6
|
||||||
1
|
1
|
||||||
TypeError
|
TypeError
|
||||||
|
TypeError
|
||||||
|
TypeError
|
||||||
|
TypeError
|
||||||
|
TypeError
|
||||||
|
TypeError
|
||||||
|
TypeError
|
||||||
|
TypeError
|
||||||
|
0
|
||||||
|
|||||||
@@ -45,9 +45,3 @@ assert uctypes.sizeof(S.arr4) == 6
|
|||||||
|
|
||||||
print(uctypes.sizeof(S.sub))
|
print(uctypes.sizeof(S.sub))
|
||||||
assert uctypes.sizeof(S.sub) == 1
|
assert uctypes.sizeof(S.sub) == 1
|
||||||
|
|
||||||
# invalid descriptor
|
|
||||||
try:
|
|
||||||
print(uctypes.sizeof([]))
|
|
||||||
except TypeError:
|
|
||||||
print("TypeError")
|
|
||||||
|
|||||||
@@ -4,4 +4,3 @@
|
|||||||
TypeError
|
TypeError
|
||||||
6
|
6
|
||||||
1
|
1
|
||||||
TypeError
|
|
||||||
|
|||||||
Reference in New Issue
Block a user