Skip to content

Potential Security Vulnerabilities: Type Mismatch in PyArg_ParseTuple for Size Parameter #1368

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
yhrscholar opened this issue Apr 23, 2025 · 0 comments
Open

Potential Security Vulnerabilities: Type Mismatch in PyArg_ParseTuple for Size Parameter #1368

yhrscholar opened this issue Apr 23, 2025 · 0 comments

Comments

@yhrscholar
Copy link

Description:

In pygit2/src/odb_backend.c, the C functions pgit_odb_backend_read and pgit_odb_backend_read_prefix are used as callbacks for libgit2's custom ODB backend mechanism.

The code passes the function parameter sz (which is of type size_t * ) as the argument intended to receive the size:

//pgit_odb_backend_read
if (!PyArg_ParseTuple(result, "ny#", &type_value, &bytes, sz) || !bytes) { ... }

//pgit_odb_backend_read_prefix
if (!PyArg_ParseTuple(result, "ny#O", &type_value, &bytes, sz, &py_oid_out) || !bytes) { ... }

This constitutes passing an incorrect pointer type (size_t * instead of Py_ssize_t *) to PyArg_ParseTuple.

Version

commit hash: cb10c2e
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@yhrscholar