Skip to content

gh-132629: Deprecate acception out of range values for unsigned integers in PyArg_Parse #132630

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 13 commits into
base: main
Choose a base branch
from
Open

gh-132629: Deprecate acception out of range values for unsigned integers in PyArg_Parse #132630

wants to merge 13 commits into from

Conversation

serhiy-storchaka
Copy link
Member

@serhiy-storchaka serhiy-storchaka commented Apr 17, 2025
edited by github-actions bot
Loading

For unsigned integer formats in the PyArg_Parse* funcions, accepting Python integers with value that is larger than the maximal value the corresponding C type or less than the minimal value for the corresponding signed integer type is now deprecated.

📚 Documentation preview 📚: https://cpython-previews--132630.org.readthedocs.build/

@serhiy-storchaka
pythongh-132629: Deprecate acception out of range values for unsigned…
fbc7873 
… integers in PyArg_Parse

For unsigned integer formats in the PyArg_Parse* funcions,
accepting Python integers with value that is larger than
the maximal value the corresponding C type or less than
the minimal value for the corresponding signed integer type
is now deprecated.
@serhiy-storchaka serhiy-storchaka requested review from erlend-aasland and a team as code owners April 17, 2025 09:50
@bedevere-app bedevere-app bot mentioned this pull request Apr 17, 2025
Open
@serhiy-storchaka serhiy-storchaka mentioned this pull request Apr 17, 2025
Open
vstinner
vstinner reviewed Apr 23, 2025
View reviewed changes
vstinner
vstinner reviewed Apr 23, 2025
View reviewed changes
Copy link
Member

@vstinner vstinner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it be possible to wait for Python 3.15 to introduce this new DeprecationWarning? I would prefer to avoid adding new warnings later in the 3.14 dev cycle.

I like the overall change :-)

@serhiy-storchaka
Copy link
Member Author

This is not a blocker. But the sooner we add warnings, the sooner we can turn them into errors.

Recently, you and me added many uses of unsigned integer converters in the socket addresses parsing code. This fixed errors, and allowed to pass values that exceed the limit of corresponding signed integer type, but made the new code more error prone, because passing value that exceeds the limit of an unsigned integer type does not lead to exception. This is the main reason I created that PR now. The idea I proposed a year ago: capi-workgroup/api-evolution#49.

vstinner
vstinner reviewed May 9, 2025
View reviewed changes
Doc/whatsnew/3.14.rst Outdated
the maximal value the corresponding C type or less than
the minimal value for the corresponding signed integer type
is now deprecated.
(Contributed by Serhiy Storchaka in :gh:`132629`.)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You should move this entry to Doc/whatsnew/3.15.rst.

Tools/clinic/libclinic/converters.py Outdated
@@ -161,12 +161,19 @@ def parse_arg(self, argname: str, displayname: str, *, limited_capi: bool) -> st
elif self.format_unit == 'B':
return self.format_code("""
{{{{
unsigned long ival = PyLong_AsUnsignedLongMask({argname});
if (ival == (unsigned long)-1 && PyErr_Occurred()) {{{{
Py_ssize_t _bytes = PyLong_AsNativeBytes({argname}, &{paramname}, sizeof(unsigned char),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you factorize this code? It's copied 4 times. For example, write a function which returns this template, with an argument: the sizeof() argument.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually, it is not the exactly the same. For unsigned long and unsigned long long it does additional check (historically).

But well, it can be factorized, and with recent changes in Argument Clinic, even more code can be factorized.

vstinner
vstinner reviewed May 16, 2025
View reviewed changes
Modules/fcntlmodule.c
@@ -3,7 +3,7 @@
// Need limited C API version 3.13 for PyLong_AsInt()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// Need limited C API version 3.13 for PyLong_AsInt()
// Need limited C API version 3.14 for PyLong_AsNativeBytes() in AC code

vstinner
vstinner approved these changes May 16, 2025
View reviewed changes
Copy link
Member

@vstinner vstinner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, event if I would prefer to also emit deprecation warnings for (any) negative value for unsigned types.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vstinner vstinner vstinner approved these changes

@encukou encukou Awaiting requested review from encukou

@erlend-aasland erlend-aasland Awaiting requested review from erlend-aasland erlend-aasland is a code owner

Assignees
No one assigned
Labels
awaiting merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@serhiy-storchaka @vstinner