summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric Blake <eblake@redhat.com>2012-03-30 12:03:20 -0600
committerEric Blake <eblake@redhat.com>2012-03-31 09:16:00 -0600
commit8228a55140f0dac5ddb1e4d78dc899d428e1e07b (patch)
tree0d156a3ee3d7897b9b3cc622df2f231236a8588d
parente967d582f973a4f37db1526f5e455ea643294740 (diff)
downloadlibvirt-python-split-8228a55140f0dac5ddb1e4d78dc899d428e1e07b.tar.gz
libvirt-python-split-8228a55140f0dac5ddb1e4d78dc899d428e1e07b.tar.xz
libvirt-python-split-8228a55140f0dac5ddb1e4d78dc899d428e1e07b.zip
python: improve conversion validationv0.9.11
Laszlo Ersek pointed out that in trying to convert a long to an unsigned int, we used: long long_val = ...; if ((unsigned int)long_val == long_val) According to C99 integer promotion rules, the if statement is equivalent to: (unsigned long)(unsigned int)long_val == (unsigned long)long_val since you get an unsigned comparison if at least one side is unsigned, using the largest rank of the two sides; but on 32-bit platforms, where unsigned long and unsigned int are the same size, this comparison is always true and ends up converting negative long_val into posigive unsigned int values, rather than rejecting the negative value as we had originally intended (python longs are unbounded size, and we don't want to do silent modulo arithmetic when converting to C code). Fix this by using direct comparisons, rather than casting. * python/typewrappers.c (libvirt_intUnwrap, libvirt_uintUnwrap) (libvirt_ulongUnwrap, libvirt_ulonglongUnwrap): Fix conversion checks.
-rw-r--r--typewrappers.c27
1 files changed, 20 insertions, 7 deletions
diff --git a/typewrappers.c b/typewrappers.c
index af209e6..026cb6b 100644
--- a/typewrappers.c
+++ b/typewrappers.c
@@ -132,7 +132,7 @@ libvirt_intUnwrap(PyObject *obj, int *val)
if ((long_val == -1) && PyErr_Occurred())
return -1;
- if ((int)long_val == long_val) {
+ if (long_val >= INT_MIN && long_val <= INT_MAX) {
*val = long_val;
} else {
PyErr_SetString(PyExc_OverflowError,
@@ -151,7 +151,7 @@ libvirt_uintUnwrap(PyObject *obj, unsigned int *val)
if ((long_val == -1) && PyErr_Occurred())
return -1;
- if ((unsigned int)long_val == long_val) {
+ if (long_val >= 0 && long_val <= UINT_MAX) {
*val = long_val;
} else {
PyErr_SetString(PyExc_OverflowError,
@@ -183,7 +183,13 @@ libvirt_ulongUnwrap(PyObject *obj, unsigned long *val)
if ((long_val == -1) && PyErr_Occurred())
return -1;
- *val = long_val;
+ if (long_val >= 0) {
+ *val = long_val;
+ } else {
+ PyErr_SetString(PyExc_OverflowError,
+ "negative Python int cannot be converted to C unsigned long");
+ return -1;
+ }
return 0;
}
@@ -207,16 +213,23 @@ int
libvirt_ulonglongUnwrap(PyObject *obj, unsigned long long *val)
{
unsigned long long ullong_val = -1;
+ long long llong_val;
/* The PyLong_AsUnsignedLongLong doesn't check the type of
* obj, only accept argument of PyLong_Type, so we check it instead.
*/
- if (PyInt_Check(obj))
- ullong_val = PyInt_AsLong(obj);
- else if (PyLong_Check(obj))
+ if (PyInt_Check(obj)) {
+ llong_val = PyInt_AsLong(obj);
+ if (llong_val < 0)
+ PyErr_SetString(PyExc_OverflowError,
+ "negative Python int cannot be converted to C unsigned long long");
+ else
+ ullong_val = llong_val;
+ } else if (PyLong_Check(obj)) {
ullong_val = PyLong_AsUnsignedLongLong(obj);
- else
+ } else {
PyErr_SetString(PyExc_TypeError, "an integer is required");
+ }
if ((ullong_val == -1) && PyErr_Occurred())
return -1;