69 lines
2.5 KiB
Diff
69 lines
2.5 KiB
Diff
|
From 518c864805dd93e62d59439e665a0ce9d6778419 Mon Sep 17 00:00:00 2001
|
||
|
From: Ekin Dursun <ekindursun@gmail.com>
|
||
|
Date: Thu, 10 Mar 2022 22:06:48 +0300
|
||
|
Subject: [PATCH] mypyc: Fix overflow in id function (CPyTagged_Id)
|
||
|
|
||
|
In CPython, the id of an object is its address. It's computed by
|
||
|
converting the pointer to an unsigned integer (PyLong_FromVoidPtr). A
|
||
|
similar logic is present here, pointer is converted to a Py_ssize_t and
|
||
|
CPyTagged_FromSsize_t is called with that integer.
|
||
|
|
||
|
There is a problem with that approach: Py_ssize_t cannot hold every
|
||
|
pointer value. Sometimes overflow happens and CPyTagged_FromSsize_t is
|
||
|
called with a negative integer.
|
||
|
|
||
|
With the new approach, the number is checked: If it fits in a
|
||
|
Py_ssize_t, CPyTagged_FromSsize_t is called. If not, it is directly
|
||
|
converted to a PyObject using PyLong_FromVoidPtr.
|
||
|
---
|
||
|
mypyc/lib-rt/CPy.h | 1 +
|
||
|
mypyc/lib-rt/int_ops.c | 9 +++++++++
|
||
|
mypyc/lib-rt/misc_ops.c | 2 +-
|
||
|
3 files changed, 11 insertions(+), 1 deletion(-)
|
||
|
|
||
|
diff --git a/mypyc/lib-rt/CPy.h b/mypyc/lib-rt/CPy.h
|
||
|
index 987819154ab..9f5ae52d4e4 100644
|
||
|
--- a/mypyc/lib-rt/CPy.h
|
||
|
+++ b/mypyc/lib-rt/CPy.h
|
||
|
@@ -121,6 +121,7 @@ static inline size_t CPy_FindAttrOffset(PyTypeObject *trait, CPyVTableItem *vtab
|
||
|
|
||
|
|
||
|
CPyTagged CPyTagged_FromSsize_t(Py_ssize_t value);
|
||
|
+CPyTagged CPyTagged_FromVoidPtr(void *ptr);
|
||
|
CPyTagged CPyTagged_FromObject(PyObject *object);
|
||
|
CPyTagged CPyTagged_StealFromObject(PyObject *object);
|
||
|
CPyTagged CPyTagged_BorrowFromObject(PyObject *object);
|
||
|
diff --git a/mypyc/lib-rt/int_ops.c b/mypyc/lib-rt/int_ops.c
|
||
|
index 1275f2c1057..edf06314161 100644
|
||
|
--- a/mypyc/lib-rt/int_ops.c
|
||
|
+++ b/mypyc/lib-rt/int_ops.c
|
||
|
@@ -26,6 +26,15 @@ CPyTagged CPyTagged_FromSsize_t(Py_ssize_t value) {
|
||
|
}
|
||
|
}
|
||
|
|
||
|
+CPyTagged CPyTagged_FromVoidPtr(void *ptr) {
|
||
|
+ if ((uintptr_t)ptr > PY_SSIZE_T_MAX) {
|
||
|
+ PyObject *object = PyLong_FromVoidPtr(ptr);
|
||
|
+ return ((CPyTagged)object) | CPY_INT_TAG;
|
||
|
+ } else {
|
||
|
+ return CPyTagged_FromSsize_t((Py_ssize_t)ptr);
|
||
|
+ }
|
||
|
+}
|
||
|
+
|
||
|
CPyTagged CPyTagged_FromObject(PyObject *object) {
|
||
|
int overflow;
|
||
|
// The overflow check knows about CPyTagged's width
|
||
|
diff --git a/mypyc/lib-rt/misc_ops.c b/mypyc/lib-rt/misc_ops.c
|
||
|
index cebd1cf997f..dcce89d9072 100644
|
||
|
--- a/mypyc/lib-rt/misc_ops.c
|
||
|
+++ b/mypyc/lib-rt/misc_ops.c
|
||
|
@@ -437,7 +437,7 @@ CPyPickle_GetState(PyObject *obj)
|
||
|
}
|
||
|
|
||
|
CPyTagged CPyTagged_Id(PyObject *o) {
|
||
|
- return CPyTagged_FromSsize_t((Py_ssize_t)o);
|
||
|
+ return CPyTagged_FromVoidPtr(o);
|
||
|
}
|
||
|
|
||
|
#define MAX_INT_CHARS 22
|