python
diff --git a/‎Lib/test/test_kqueue.py‎
Lines changed: 24 additions & 0 deletions b/‎Lib/test/test_kqueue.py‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎Misc/NEWS.d/next/Library/2017-10-12-19-00-53.bpo-30058.cENtry.rst‎
Lines changed: 1 addition & 0 deletions b/‎Misc/NEWS.d/next/Library/2017-10-12-19-00-53.bpo-30058.cENtry.rst‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎Modules/selectmodule.c‎
Lines changed: 13 additions & 16 deletions b/‎Modules/selectmodule.c‎
Lines changed: 13 additions & 16 deletions
@@ -208,6 +208,30 @@ def testPair(self):
  b.close()
  kq.close()
 
+ def test_issue30058(self):
+ # changelist must be an iterable
+ kq = select.kqueue()
+ a, b = socket.socketpair()
+ ev = select.kevent(a, select.KQ_FILTER_READ, select.KQ_EV_ADD | select.KQ_EV_ENABLE)
+
+ kq.control([ev], 0)
+ # not a list
+ kq.control((ev,), 0)
+ # __len__ is not consistent with __iter__
+ class BadList:
+ def __len__(self):
+ return 0
+ def __iter__(self):
+ for i in range(100):
+ yield ev
+ kq.control(BadList(), 0)
+ # doesn't have __len__
+ kq.control(iter([ev]), 0)
+
+ a.close()
+ b.close()
+ kq.close()
+
  def test_close(self):
  open_file = open(__file__, "rb")
  self.addCleanup(open_file.close)
 
@@ -0,0 +1 @@
+Fixed buffer overflow in select.kqueue.control().
@@ -2102,7 +2102,7 @@ kqueue_queue_control(kqueue_queue_Object *self, PyObject *args)
  int i = 0;
  PyObject *otimeout = NULL;
  PyObject *ch = NULL;
- PyObject *it = NULL, *ei = NULL;
+ PyObject *seq = NULL, *ei = NULL;
  PyObject *result = NULL;
  struct kevent *evl = NULL;
  struct kevent *chl = NULL;
@@ -2148,37 +2148,34 @@ kqueue_queue_control(kqueue_queue_Object *self, PyObject *args)
  }
 
  if (ch != NULL && ch != Py_None) {
- it = PyObject_GetIter(ch);
- if (it == NULL) {
- PyErr_SetString(PyExc_TypeError,
- "changelist is not iterable");
+ seq = PySequence_Fast(ch, "changelist is not iterable");
+ if (seq == NULL) {
  return NULL;
  }
- nchanges = PyObject_Size(ch);
- if (nchanges < 0) {
+ if (PySequence_Fast_GET_SIZE(seq) > INT_MAX) {
+ PyErr_SetString(PyExc_OverflowError,
+ "changelist is too long");
  goto error;
  }
+ nchanges = (int)PySequence_Fast_GET_SIZE(seq);
 
  chl = PyMem_New(struct kevent, nchanges);
  if (chl == NULL) {
  PyErr_NoMemory();
  goto error;
  }
- i = 0;
- while ((ei = PyIter_Next(it)) != NULL) {
+ for (i = 0; i < nchanges; ++i) {
+  ei = PySequence_Fast_GET_ITEM(seq, i);
  if (!kqueue_event_Check(ei)) {
- Py_DECREF(ei);
  PyErr_SetString(PyExc_TypeError,
  "changelist must be an iterable of "
  "select.kevent objects");
  goto error;
- } else {
- chl[i++] = ((kqueue_event_Object *)ei)->e;
  }
- Py_DECREF(ei);
+ chl[i] = ((kqueue_event_Object *)ei)->e;
  }
+ Py_CLEAR(seq);
  }
- Py_CLEAR(it);
 
  /* event list */
  if (nevents) {
@@ -2246,15 +2243,15 @@ kqueue_queue_control(kqueue_queue_Object *self, PyObject *args)
  PyMem_Free(chl);
  PyMem_Free(evl);
  Py_XDECREF(result);
- Py_XDECREF(it);
+ Py_XDECREF(seq);
  return NULL;
 }
 
 PyDoc_STRVAR(kqueue_queue_control_doc,
 "control(changelist, max_events[, timeout=None]) -> eventlist\n\
 \n\
 Calls the kernel kevent function.\n\
-- changelist must be a list of kevent objects describing the changes\n\
+- changelist must be an iterable of kevent objects describing the changes\n\
  to be made to the kernel's watch list or None.\n\
 - max_events lets you specify the maximum number of events that the\n\
  kernel will return.\n\
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+Fixed buffer overflow in select.kqueue.control().`