From bc129f1b84cc05ad92e6743b4f298e8aea5cbe50 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9a=20Saviot?= Date: Fri, 22 Nov 2019 10:07:08 +0100 Subject: [PATCH] py/qstr: Raise exception in qstr_from_strn if str to intern is too long. The string length being longer than the allowed qstr length can happen in many locations, for example in the parser with very long variable names. Without an explicit check that the length is within range (as done in this patch) the code would exhibit crashes and strange behaviour with truncated strings. --- py/qstr.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/py/qstr.c b/py/qstr.c index e6f86401a..29ffcae40 100644 --- a/py/qstr.c +++ b/py/qstr.c @@ -31,6 +31,7 @@ #include "py/mpstate.h" #include "py/qstr.h" #include "py/gc.h" +#include "py/runtime.h" // NOTE: we are using linear arrays to store and search for qstr's (unique strings, interned strings) // ultimately we will replace this with a static hash table of some kind @@ -192,12 +193,17 @@ qstr qstr_from_str(const char *str) { } qstr qstr_from_strn(const char *str, size_t len) { - assert(len < (1 << (8 * MICROPY_QSTR_BYTES_IN_LEN))); QSTR_ENTER(); qstr q = qstr_find_strn(str, len); if (q == 0) { // qstr does not exist in interned pool so need to add it + // check that len is not too big + if (len >= (1 << (8 * MICROPY_QSTR_BYTES_IN_LEN))) { + QSTR_EXIT(); + mp_raise_msg(&mp_type_RuntimeError, "name too long"); + } + // compute number of bytes needed to intern this string size_t n_bytes = MICROPY_QSTR_BYTES_IN_HASH + MICROPY_QSTR_BYTES_IN_LEN + len + 1;