Issue #25659: Change assert to TypeError in from_buffer/_copy()

Based on suggestion by Eryk Sun.

Issue #25659: Change assert to TypeError in from_buffer/_copy()
Based on suggestion by Eryk Sun.
fd08fdc7 · Martin Panter · f75a2ebb · fd08fdc7 · fd08fdc7 · fd08fdc7
Commit fd08fdc7 authored Nov 20, 2016 by Martin Panter
Hide whitespace changes
Inline Side-by-side

Showing with 21 additions and 4 deletions

Lib/ctypes/test/test_frombuffer.py Lib/ctypes/test/test_frombuffer.py +8 -0

Misc/NEWS Misc/NEWS +3 -0

Modules/_ctypes/_ctypes.c Modules/_ctypes/_ctypes.c +10 -4

No files found.
--- a/Lib/ctypes/test/test_frombuffer.py
+++ b/Lib/ctypes/test/test_frombuffer.py
@@ -77,5 +77,13 @@ class Test(unittest.TestCase):
        self.assertRaises(ValueError,
                          (c_int * 1).from_buffer_copy, a, 16 * sizeof(c_int))
+    def test_abstract(self):
+        self.assertRaises(TypeError, Array.from_buffer, bytearray(10))
+        self.assertRaises(TypeError, Structure.from_buffer, bytearray(10))
+        self.assertRaises(TypeError, Union.from_buffer, bytearray(10))
+        self.assertRaises(TypeError, Array.from_buffer_copy, b"123")
+        self.assertRaises(TypeError, Structure.from_buffer_copy, b"123")
+        self.assertRaises(TypeError, Union.from_buffer_copy, b"123")
 if __name__ == '__main__':
    unittest.main()
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -63,6 +63,9 @@ Core and Builtins
 Library
 -------
+- Issue #25659: In ctypes, prevent a crash calling the from_buffer() and
+  from_buffer_copy() methods on abstract classes like Array.
 - Issue #28563: Fixed possible DoS and arbitrary code execution when handle
  plural form selections in the gettext module.  The expression parser now
  supports exact syntax supported by GNU gettext.

--- a/Modules/_ctypes/_ctypes.c
+++ b/Modules/_ctypes/_ctypes.c
@@ -501,7 +501,10 @@ CDataType_from_buffer(PyObject *type, PyObject *args)
    Py_ssize_t offset = 0;
    PyObject *obj, *result;
    StgDictObject *dict = PyType_stgdict(type);
-    assert (dict);
+    if (!dict) {
+        PyErr_SetString(PyExc_TypeError, "abstract class");
+        return NULL;
+    }
    if (!PyArg_ParseTuple(args,
 #if (PY_VERSION_HEX < 0x02050000)
@@ -557,13 +560,16 @@ CDataType_from_buffer_copy(PyObject *type, PyObject *args)
    Py_ssize_t offset = 0;
    PyObject *obj, *result;
    StgDictObject *dict = PyType_stgdict(type);
-    assert (dict);
+    if (!dict) {
+        PyErr_SetString(PyExc_TypeError, "abstract class");
+        return NULL;
+    }
    if (!PyArg_ParseTuple(args,
 #if (PY_VERSION_HEX < 0x02050000)
-                          "O|i:from_buffer",
+                          "O|i:from_buffer_copy",
 #else
-                          "O|n:from_buffer",
+                          "O|n:from_buffer_copy",
 #endif
                          &obj, &offset))
        return NULL;