py/objint_longlong: Add overflow checks to strtoll() result.

projectgus · projectgus · commit 1b83f0cb04ca · 2025-03-19T11:22:11.000+11:00
This relies on errno unfortunately, but there's no other way to
disambiguate MAX_LONGLONG and an out of range value (apart from manually
re-implementing strtoll).

Includes some test workarounds to account for things which now overflow:

- uctypes_array_load_store test was failing already, now won't parse.
- all the ffi_int tests contain 64-bit unsigned values, that won't parse
  as long long.

This work was funded through GitHub Sponsors.

Signed-off-by: Angus Gratton &lt;angus@redyak.com.au&gt;
Signed-off-by: Angus Gratton &lt;angus@redyak.com.au&gt;
diff --git a/py/objint_longlong.c b/py/objint_longlong.c
@@ -25,6 +25,7 @@
  * THE SOFTWARE.
  */
 
+#include <errno.h>
 #include <stdlib.h>
 #include <string.h>
 
@@ -265,19 +266,20 @@ mp_obj_t mp_obj_new_int_from_ll(long long val) {
 }
 
 mp_obj_t mp_obj_new_int_from_ull(unsigned long long val) {
-    // TODO raise an exception if the unsigned long long won't fit
     if (val >> (sizeof(unsigned long long) * 8 - 1) != 0) {
         mp_raise_msg(&mp_type_OverflowError, MP_ERROR_TEXT("ulonglong too large"));
     }
     return mp_obj_new_int_from_ll(val);
 }
 
 mp_obj_t mp_obj_new_int_from_str_len(const char **str, size_t len, bool neg, unsigned int base) {
-    // TODO check overflow
     char temp_buf[65]; // Large enough to hold 64-bit base 2 str + NUL terminating byte
     const char *head = *str;
     char *endptr;
-    long long parsed = strtoll(head, &endptr, base);
+    long long parsed;
+
+    errno = 0;
+    parsed = strtoll(head, &endptr, base);
 
     // If 'str' is not properly terminated and has valid digits all through
     // and after the buffer, then strtoll will have walked off the end
@@ -290,18 +292,24 @@ mp_obj_t mp_obj_new_int_from_str_len(const char **str, size_t len, bool neg, uns
         if (len < sizeof(temp_buf)) {
             memcpy(temp_buf, head, len);
             temp_buf[len] = 0;
+            errno = 0;
             parsed = strtoll(temp_buf, &endptr, base);
-            assert(endptr == temp_buf + len); // The first strtoll() checked all digits are valid
+            assert(errno != 0 || endptr == temp_buf + len); // The first strtoll() checked all digits are valid
             endptr = (char *)head + len;
         }
         // (if str doesn't fit in temp_buf, will fall through and fail below)
     }
 
+    if (errno != 0) {
+        return mp_const_none; // Conversion failed, caller should raise OverflowError
+    }
+
     if (neg) {
         parsed *= -1;
     }
 
     mp_obj_t result = mp_obj_new_int_from_ll(parsed);
+
     // If endptr isn't (head + len) then string contained invalid chars, caller should fail
     *str = endptr;
     return result;
diff --git a/tests/extmod/uctypes_array_load_store.py b/tests/extmod/uctypes_array_load_store.py
@@ -6,6 +6,13 @@
     print("SKIP")
     raise SystemExit
 
+# 'int' needs to be able to represent UINT64 for this test
+try:
+    int("FF" * 8, 16)
+except ValueError:
+    print("SKIP")
+    raise SystemExit
+
 N = 5
 
 for endian in ("NATIVE", "LITTLE_ENDIAN", "BIG_ENDIAN"):
diff --git a/tests/run-tests.py b/tests/run-tests.py
@@ -870,7 +870,11 @@ def run_one_test(test_file):
             or args.emit == "native"
         )
         is_endian = test_name.endswith("_endian")
-        is_int_big = test_name.startswith("int_big") or test_name.endswith("_intbig")
+        is_int_big = (
+            test_name.startswith("int_big")
+            or test_name.endswith("_intbig")
+            or test_name.startswith("ffi_int")  # these tests contain large integer literals
+        )
         is_int_64 = test_name.startswith("int_64") or test_name.endswith("_int64")
         is_bytearray = test_name.startswith("bytearray") or test_name.endswith("_bytearray")
         is_set_type = test_name.startswith(("set_", "frozenset")) or test_name.endswith("_set")
