Potential Security Vulnerabilities: Type Mismatch in PyArg_ParseTuple for Size Parameter #1368

Open
@yhrscholar

Description:

In pygit2/src/odb_backend.c, the C functions pgit_odb_backend_read and pgit_odb_backend_read_prefix are used as callbacks for libgit2's custom ODB backend mechanism.

The code passes the function parameter sz (which is of type size_t *) as the argument intended to receive the size:

//pgit_odb_backend_read
if (!PyArg_ParseTuple(result, "ny#", &type_value, &bytes, sz) || !bytes) { ... }

//pgit_odb_backend_read_prefix
if (!PyArg_ParseTuple(result, "ny#O", &type_value, &bytes, sz, &py_oid_out) || !bytes) { ... }

This constitutes passing an incorrect pointer type (size_t * instead of Py_ssize_t *) to PyArg_ParseTuple.

Version

commit hash: cb10c2e
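
One way to avoid the mismatch described in this issue, as an added example that is not pygit2's code: receive the length in a local of the signed type the parser writes, check it, then convert to size_t. It is stand-alone C, so ssize_like_t (standing in for Py_ssize_t), mock_parse_bytes (standing in for the "y#" parse step) and read_len_checked are hypothetical names, and the negative length is constructed only to exercise the check.

```c
/* Added example, not pygit2 code. Stand-alone: no Python.h needed. */
#include <stddef.h>
#include <stdio.h>

/* Assumption: stand-in for Py_ssize_t (signed, same width as size_t). */
typedef ptrdiff_t ssize_like_t;

/* Hypothetical stand-in for the "y#" parse step: it stores the buffer
 * pointer and writes the length through a SIGNED pointer. */
static int mock_parse_bytes(const char *data, ssize_like_t n,
                            const char **bytes, ssize_like_t *len)
{
    if (data == NULL)
        return 0;               /* parse failure */
    *bytes = data;
    *len = n;
    return 1;
}

/* Callback-shaped helper: the caller hands us a size_t *sz to fill in. */
static int read_len_checked(const char *data, ssize_like_t n,
                            const char **bytes, size_t *sz)
{
    ssize_like_t len = 0;       /* receiver has the type the parser writes */

    if (!mock_parse_bytes(data, n, bytes, &len) || *bytes == NULL)
        return -1;
    if (len < 0)                /* refuse values size_t cannot represent */
        return -1;
    *sz = (size_t)len;          /* explicit conversion after the check */
    return 0;
}

int main(void)
{
    const char *bytes = NULL;
    size_t sz = 0;
    int rc = read_len_checked("blob data", 9, &bytes, &sz);
    printf("rc=%d sz=%zu\n", rc, sz);
    /* Constructed bad length: rejected, and sz is left untouched. */
    rc = read_len_checked("blob data", -1, &bytes, &sz);
    printf("rc=%d sz=%zu (unchanged)\n", rc, sz);
    return 0;
}
```
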
