py/modstruct: Check and prevent buffer-read overflow in struct unpacking

Prior to this patch, the size of the buffer given to unpack/unpack_from was checked for being too small by using the count of the arguments, not their actual size. For example, a format spec of '4I' would only check that there was 4 bytes available, not 16; and 'I' would check for 1 byte, not 4. This bug is fixed in this patch by calculating the total size of the format spec at the start of the unpacking function. This function anyway needs to calculate the number of items at the start, so calculating the total size can be done at the same time.
2025-08-30 14:30:36 +02:00 · 2017-09-01 10:53:29 +10:00
parent 793d826d9d
commit 79d5acbd01
3 changed files with 38 additions and 29 deletions
--- a/tests/basics/struct2.py
+++ b/tests/basics/struct2.py
@@ -25,6 +25,12 @@ print(struct.calcsize('0s1s0H2H'))
 print(struct.unpack('<0s1s0H2H', b'01234'))
 print(struct.pack('<0s1s0H2H', b'abc', b'abc', 258, 515))

+# check that we get an error if the buffer is too small
+try:
+    struct.unpack('2H', b'\x00\x00')
+except:
+    print('Exception')
+
 # check that unknown types raise an exception
 try:
    struct.unpack('z', b'1')