Numeric overflow in builtin function xrange - ebranca/owasp-pysec GitHub Wiki

Classification

  • Affected Components : builtin

  • Operating System : Linux

  • Python Versions : 2.6.x, 2.7.x, 3.1.x, 3.2.x

  • Reproducible : Yes

Source code

import sys

N = 2 ** 63  # one past the largest value a 64-bit C long can hold

for n in xrange(N):  # xrange converts N to a C long, so this raises OverflowError
    print n

sys.exit(0)

Steps to Produce/Reproduce

To reproduce the problem copy the source code in a file and execute the script using the following command syntax:

$ python -OOBRtt test.py

Alternatively you can open python in interactive mode:

$ python -OOBRtt <press enter>

Then copy the lines of code into the interpreter.

Description

Executing the test code produces an OverflowError, because the value passed to xrange is larger than the largest integer the platform supports natively (a C long).

Traceback (most recent call last):
  File "test.py", line 5, in <module>
    for n in xrange(N):
OverflowError: Python int too large to convert to C long

Even though this behaviour is "by design" and expected, the condition is not detected by the interpreter before the call, and a numeric overflow is raised by the Python core libraries.

This happens because xrange works on "plain integer objects" (the platform's native C long) and cannot accept integers of arbitrary length.

The problem of numeric length can easily be solved by using Python's "long integer object"; the underlying problem of the numeric overflow must be fixed in the core libraries.

Workaround

We are not aware of any easy solution other than avoiding 'xrange' in cases like the one examined.

A PERMANENT SOLUTION is available, however: use Python's "long integer object", which allows numbers of arbitrary length, the only limit being the system's memory.
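As an added example (not code from the original wiki page or from the owasp-pysec project), the helper below shows the two points made above in working form: checking a bound against the platform's native integer limit before handing it to xrange, and falling back to a plain Python counter, which is a long integer object of arbitrary size, when the bound does not fit. The function names fits_native_int, bounded_count, first_values and probe_native_range are my own, and the example assumes sys.maxint (Python 2) or sys.maxsize (Python 3) reflects the native limit; on Python 3, range already accepts arbitrary integers, so the fallback only matters on Python 2.

```python
import sys
from itertools import islice

# Portable alias: Python 2's xrange converts its arguments to C long;
# Python 3's range accepts integers of arbitrary size.
try:
    native_range = xrange  # noqa: F821 (defined on Python 2 only)
except NameError:
    native_range = range

# Largest value the native integer type can hold on this platform.
# Python 2 exposes it as sys.maxint (C long); Python 3 as sys.maxsize (Py_ssize_t).
NATIVE_MAX = getattr(sys, "maxint", sys.maxsize)
NATIVE_MIN = -NATIVE_MAX - 1


def fits_native_int(value):
    """True if value can be passed to xrange without an OverflowError."""
    return NATIVE_MIN <= value <= NATIVE_MAX


def bounded_count(stop):
    """Yield 0, 1, ..., stop-1.

    Uses the native range object while the bound fits a C long, and
    otherwise falls back to a plain Python counter, which is a long
    integer object of arbitrary size (limited only by memory).
    """
    if fits_native_int(stop):
        for i in native_range(stop):
            yield i
    else:
        i = 0  # Python long: grows as needed, never overflows
        while i < stop:
            yield i
            i += 1


def first_values(stop, k):
    """Return the first k values of bounded_count(stop) (for demonstration)."""
    return list(islice(bounded_count(stop), k))


def probe_native_range(stop):
    """Report whether constructing native_range(stop) raises OverflowError."""
    try:
        native_range(stop)
    except OverflowError:
        return "overflow"
    return "ok"


if __name__ == "__main__":
    # Constructed input: one past the native limit, the same class of value
    # as N = 2 ** 63 in the report on a 64-bit Linux host.
    too_big = NATIVE_MAX + 1
    print("fits native int: %s" % fits_native_int(too_big))
    print("native range: %s" % probe_native_range(too_big))
    print("first values via fallback: %s" % first_values(too_big, 3))
```

Run it with the same interpreter used for the report (python -OOBRtt) to see "overflow" from the probe on Python 2 and "ok" on Python 3; in both cases first_values returns [0, 1, 2], because the fallback counter never touches a C long.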

Secure Implementation

WORK IN PROGRESS

References

Python builtins: https://docs.python.org/2/library/functions.html
