You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Modules/_ctypes/callproc.c contained a comment (marked XXX) stating that as_parameter
allows constructing arbitrary tuples and passing them, describing this convention as "dangerous".
Analysis confirms that ctypes
does not support returning tuples from as_parameter for default conversions. Attempting to do so raises a "TypeError" (wrapped in an ArgumentError), meaning the described security risk does not exist in the current codebase.
Bug report
Bug description:
Modules/_ctypes/callproc.ccontained a comment (marked XXX) stating that as_parameterallows constructing arbitrary tuples and passing them, describing this convention as "dangerous".
Analysis confirms that
ctypesdoes not support returning tuples from as_parameter for default conversions. Attempting to do so raises a "TypeError" (wrapped in an ArgumentError), meaning the described security risk does not exist in the current codebase.
CPython versions tested on:
3.13
Operating systems tested on:
macOS
Linked PRs
_as_parameter_returning tuples #142175