1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
| | From 518c864805dd93e62d59439e665a0ce9d6778419 Mon Sep 17 00:00:00 2001
From: Ekin Dursun <ekindursun@gmail.com>
Date: Thu, 10 Mar 2022 22:06:48 +0300
Subject: [PATCH] mypyc: Fix overflow in id function (CPyTagged_Id)
In CPython, the id of an object is its address. It's computed by
converting the pointer to an unsigned integer (PyLong_FromVoidPtr). A
similar logic is present here, pointer is converted to a Py_ssize_t and
CPyTagged_FromSsize_t is called with that integer.
There is a problem with that approach: Py_ssize_t cannot hold every
pointer value. Sometimes overflow happens and CPyTagged_FromSsize_t is
called with a negative integer.
With the new approach, the number is checked: If it fits in a
Py_ssize_t, CPyTagged_FromSsize_t is called. If not, it is directly
converted to a PyObject using PyLong_FromVoidPtr.
---
mypyc/lib-rt/CPy.h | 1 +
mypyc/lib-rt/int_ops.c | 9 +++++++++
mypyc/lib-rt/misc_ops.c | 2 +-
3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/mypyc/lib-rt/CPy.h b/mypyc/lib-rt/CPy.h
index 987819154ab..9f5ae52d4e4 100644
--- a/mypyc/lib-rt/CPy.h
+++ b/mypyc/lib-rt/CPy.h
@@ -121,6 +121,7 @@ static inline size_t CPy_FindAttrOffset(PyTypeObject *trait, CPyVTableItem *vtab
CPyTagged CPyTagged_FromSsize_t(Py_ssize_t value);
+CPyTagged CPyTagged_FromVoidPtr(void *ptr);
CPyTagged CPyTagged_FromObject(PyObject *object);
CPyTagged CPyTagged_StealFromObject(PyObject *object);
CPyTagged CPyTagged_BorrowFromObject(PyObject *object);
diff --git a/mypyc/lib-rt/int_ops.c b/mypyc/lib-rt/int_ops.c
index 1275f2c1057..edf06314161 100644
--- a/mypyc/lib-rt/int_ops.c
+++ b/mypyc/lib-rt/int_ops.c
@@ -26,6 +26,15 @@ CPyTagged CPyTagged_FromSsize_t(Py_ssize_t value) {
}
}
+CPyTagged CPyTagged_FromVoidPtr(void *ptr) {
+ if ((uintptr_t)ptr > PY_SSIZE_T_MAX) {
+ PyObject *object = PyLong_FromVoidPtr(ptr);
+ return ((CPyTagged)object) | CPY_INT_TAG;
+ } else {
+ return CPyTagged_FromSsize_t((Py_ssize_t)ptr);
+ }
+}
+
CPyTagged CPyTagged_FromObject(PyObject *object) {
int overflow;
// The overflow check knows about CPyTagged's width
diff --git a/mypyc/lib-rt/misc_ops.c b/mypyc/lib-rt/misc_ops.c
index cebd1cf997f..dcce89d9072 100644
--- a/mypyc/lib-rt/misc_ops.c
+++ b/mypyc/lib-rt/misc_ops.c
@@ -437,7 +437,7 @@ CPyPickle_GetState(PyObject *obj)
}
CPyTagged CPyTagged_Id(PyObject *o) {
- return CPyTagged_FromSsize_t((Py_ssize_t)o);
+ return CPyTagged_FromVoidPtr(o);
}
#define MAX_INT_CHARS 22
|