Issue #12881: ctypes: Fix segfault with large structure field names.
diff --git a/Lib/ctypes/test/test_structures.py b/Lib/ctypes/test/test_structures.py
index a84bae0..1bde101 100644
--- a/Lib/ctypes/test/test_structures.py
+++ b/Lib/ctypes/test/test_structures.py
@@ -332,6 +332,18 @@
else:
self.assertEqual(msg, "(Phone) exceptions.TypeError: too many initializers")
+ def test_huge_field_name(self):
+ # issue12881: segfault with large structure field names
+ def create_class(length):
+ class S(Structure):
+ _fields_ = [('x' * length, c_int)]
+
+ for length in [10 ** i for i in range(0, 8)]:
+ try:
+ create_class(length)
+ except MemoryError:
+ # MemoryErrors are OK, we just don't want to segfault
+ pass
def get_except(self, func, *args):
try:
diff --git a/Misc/NEWS b/Misc/NEWS
index ddcbde1..68d32a6 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -210,6 +210,8 @@
Extension Modules
-----------------
+- Issue #12881: ctypes: Fix segfault with large structure field names.
+
- Issue #13013: ctypes: Fix a reference leak in PyCArrayType_from_ctype.
Thanks to Suman Saha for finding the bug and providing a patch.
diff --git a/Modules/_ctypes/stgdict.c b/Modules/_ctypes/stgdict.c
index 4d4ecc4..773233f 100644
--- a/Modules/_ctypes/stgdict.c
+++ b/Modules/_ctypes/stgdict.c
@@ -508,13 +508,19 @@
}
len = strlen(fieldname) + strlen(fieldfmt);
- buf = alloca(len + 2 + 1);
+ buf = PyMem_Malloc(len + 2 + 1);
+ if (buf == NULL) {
+ Py_DECREF(pair);
+ PyErr_NoMemory();
+ return -1;
+ }
sprintf(buf, "%s:%s:", fieldfmt, fieldname);
ptr = stgdict->format;
stgdict->format = _ctypes_alloc_format_string(stgdict->format, buf);
PyMem_Free(ptr);
+ PyMem_Free(buf);
if (stgdict->format == NULL) {
Py_DECREF(pair);