Gh-142174: Explicitly disallow `_as_parameter_` returning tuples#142175

ZeroIntensity · 2025-12-02T12:44:05Z

This test already passes on main.

ZeroIntensity · 2025-12-02T12:41:27Z

Please don't put your name in the filename. If you'd like to get credit, you can add something like "Patch by Your Name." at the end of the entry.

ZeroIntensity · 2025-12-02T12:42:09Z

Extra newline.

picnixz · 2025-12-03T17:41:52Z

This NEWS entry is too verbose and if returning tuples from _as_parameter_ wasn't already supported and the change is only a redundant comment removal, then no NEWS is needed.

picnixz · 2025-12-03T17:37:40Z

This is not a good check IMO. This shouldn't be checked at this level, it should ConvParam that should be responsible (and the recursive call should be enough). I don't unedrstand why we have this additional check here.

ZeroIntensity · 2025-12-02T12:40:32Z

Hmm, this looks unrelated as well.

ZeroIntensity · 2025-12-02T12:39:32Z

This looks unrelated to this change and is incorrect. tstate and tstate->interp are never NULL here.

-Original file line number
+Diff line change
@@ Expand Up / @@ -297,6 +297,20 @@ def from_param(cls, value): @@
  self.assertEqual(trace, [1, 2, 3, 4, 5])
+ def test_as_parameter_tuple(self):
+ class Dangerous(object):
+ @property
+ def _as_parameter_(self):
+ return ('i', 42)
+ func = CDLL(_ctypes_test.__file__)._testfunc_p_p
+ func.restype = c_int
+ # func.argtypes = [c_void_p] # Do not set argtypes to force default conversion
+ # Should raise ArgumentError because tuples are not supported in default conversion
+ with self.assertRaisesRegex(ArgumentError, "argument 1: TypeError: Don't know how to convert parameter 1"):
+ func(Dangerous(), 0)
 if __name__ == '__main__':
  unittest.main()

Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@

Copy link Member ZeroIntensityDec 2, 2025 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others. Learn more. Extra newline.
		Analysis confirms that :mod:`ctypes` does not support returning tuples from ``_as_parameter_`` for default conversions. Attempting to do so raises a :exc:`TypeError` (wrapped in a ``ctypes.ArgumentError``), meaning the described security risk does not exist in the current codebase.
Copy link Member picnixzDec 3, 2025 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others. Learn more. This NEWS entry is too verbose and if returning tuples from `_as_parameter_` wasn't already supported and the change is only a redundant comment removal, then no NEWS is needed.

-Original file line number
+Diff line change
@@ Expand Up / @@ -620,9 +620,6 @@ PyType_Spec carg_spec ={ @@
  * by value, or a 2-tuple or 3-tuple which will be used according
  * to point 2 above. The third item (if any), is ignored. It is normally
  * used to keep the object alive where this parameter refers to.
- * XXX This convention is dangerous - you can construct arbitrary tuples
- * in Python and pass them. Would it be safer to use a custom container
- * datatype instead of a tuple?
  *
  * 4. Other Python objects cannot be passed as parameters - an exception is raised.
  *
@@ Expand DownExpand Up / @@ -742,6 +739,13 @@ static int ConvParam(ctypes_state *st, @@
  attribute)
  */
  if (arg){
+ if (PyTuple_Check(arg) || PyList_Check(arg)){
+ Py_DECREF(arg);
+ PyErr_Format(PyExc_TypeError,
+ "Don't know how to convert parameter %d",
+ Py_SAFE_DOWNCAST(index, Py_ssize_t, int));
+ return -1;
+ }
  int result;
  result = ConvParam(st, arg, index, pa);
  Py_DECREF(arg);
@@ Expand DownExpand Up / @@ -1512,7 +1516,7 @@ static void *libsystem_b_handle; @@
 static bool (*_dyld_shared_cache_contains_path)(const char *path);
 __attribute__((constructor)) void load_dyld_shared_cache_contains_path(void){
- libsystem_b_handle = dlopen("/usr/lib/libSystem.B.dylib", RTLD_LAZY);
+ libsystem_b_handle = dlopen("/usr/lib/libSystem.B.dylib", RTLD_LAZY | RTLD_GLOBAL);
  if (libsystem_b_handle != NULL){
  _dyld_shared_cache_contains_path = dlsym(libsystem_b_handle, "_dyld_shared_cache_contains_path");
  }
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up / @@ -91,7 +91,9 @@ reftotal_add(PyThreadState *tstate, Py_ssize_t n) @@
  Py_ssize_t reftotal = tstate_impl->reftotal + n;
  _Py_atomic_store_ssize_relaxed(&tstate_impl->reftotal, reftotal);
 #else
- REFTOTAL(tstate->interp) += n;
+ if (tstate && tstate->interp){
+ REFTOTAL(tstate->interp) += n;
+ }
 #endif
 }
@@ Expand Down @@

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Gh-142174: Explicitly disallow `_as_parameter_` returning tuples#142175

Uh oh!

Diff view

Diff view

There are no files selected for viewing

ZeroIntensityDec 2, 2025

Uh oh!

ZeroIntensityDec 2, 2025

Uh oh!

ZeroIntensityDec 2, 2025

Uh oh!

picnixzDec 3, 2025

Uh oh!

picnixzDec 3, 2025•
edited
Loading

Uh oh!

ZeroIntensityDec 2, 2025

Uh oh!

ZeroIntensityDec 2, 2025

Uh oh!

Uh oh!

Uh oh!

Gh-142174: Explicitly disallow _as_parameter_ returning tuples#142175

Uh oh!

Gh-142174: Explicitly disallow _as_parameter_ returning tuples #142175

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing

ZeroIntensityDec 2, 2025

Choose a reason for hiding this comment

Uh oh!

ZeroIntensityDec 2, 2025

Choose a reason for hiding this comment

Uh oh!

ZeroIntensityDec 2, 2025

Choose a reason for hiding this comment

Uh oh!

picnixzDec 3, 2025

Choose a reason for hiding this comment

Uh oh!

picnixzDec 3, 2025• edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

ZeroIntensityDec 2, 2025

Choose a reason for hiding this comment

Uh oh!

ZeroIntensityDec 2, 2025

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Gh-142174: Explicitly disallow `_as_parameter_` returning tuples#142175

Gh-142174: Explicitly disallow `_as_parameter_` returning tuples #142175

picnixzDec 3, 2025•
edited
Loading