Skip to content

Deprecate accepting out of range values for unsigned integers in PyArg_Parse #132629

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
serhiy-storchaka opened this issue Apr 17, 2025 · 0 comments
Open

Deprecate accepting out of range values for unsigned integers in PyArg_Parse #132629

serhiy-storchaka opened this issue Apr 17, 2025 · 0 comments
Labels
interpreter-core (Objects, Python, Grammar, and Parser dirs) topic-C-API type-feature A feature request or enhancement

Comments

@serhiy-storchaka
Copy link
Member

serhiy-storchaka commented Apr 17, 2025
edited by bedevere-app bot
Loading

Feature or enhancement

For unsigned integer formats (B, H, I, k, K) in PyArg_Parse, there is no overflow check. If the Python integer value is out of range of the corresponding C type, only the lowest bits are stored, and the higher bits are silently dropped. There are two reasons for this:

  • The signess of the C type accepted by the C API (like uid_t, etc) is not always known. We need to accept values that fit in corresponding both signed and unsigned C types.
  • Even if the type is unsigned, some small negative integers (casted to the unsigned tyep) can have special meaning. It is convenient if we can pass -1 instead of 0xffff_ffff or 0xffff_ffff_ffff_ffff, depending on platform.

But values that cannot be represented neither in unsigned not in signed C type, are obviously invalid. Silently accepting them can provoke bugs.

At first, I propose to emit a deprecation warning for such values. Later they will became errors.

Linked PRs
@serhiy-storchaka serhiy-storchaka added 3.14 bugs and security fixes topic-C-API type-feature A feature request or enhancement labels Apr 17, 2025
serhiy-storchaka added a commit to serhiy-storchaka/cpython that referenced this issue Apr 17, 2025
@serhiy-storchaka
pythongh-132629: Deprecate acception out of range values for unsigned…
fbc7873 
… integers in PyArg_Parse

For unsigned integer formats in the PyArg_Parse* funcions,
accepting Python integers with value that is larger than
the maximal value the corresponding C type or less than
the minimal value for the corresponding signed integer type
is now deprecated.
@bedevere-app bedevere-app bot mentioned this issue Apr 17, 2025
Open
@picnixz picnixz added interpreter-core (Objects, Python, Grammar, and Parser dirs) and removed 3.14 bugs and security fixes labels Apr 17, 2025
@serhiy-storchaka serhiy-storchaka mentioned this issue Apr 20, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
interpreter-core (Objects, Python, Grammar, and Parser dirs) topic-C-API type-feature A feature request or enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@serhiy-storchaka @picnixz