gh-120378: Fix crash caused by integer overflow in curses

[ZeroIntensity]

This is actually an upstream problem in curses, and has been reported to them already. This is a nice workaround in the meantime to prevent the segfault.

• Issue: Segmentation Fault in _curses #120378

[ZeroIntensity]

cc @picnixz

[picnixz]

I'll have a look after sleeping a bit. By the way, instead of cc'ing me, you can just outright request a review from me when you know I've been active on the corresponding issue (I'll reject it if I deem myself not enough an expert).

[ZeroIntensity]

I'll have a look after sleeping a bit. By the way, instead of cc'ing me, you can just outright request a review from me when you know I've been active on the corresponding issue (I'll reject it if I deem myself not enough an expert).

I was under the impression that requesting a review didn't result in a notification, good to know!

[picnixz]

Does the resize_term function also suffer from the same issue?

[ZeroIntensity]

Does the resize_term function also suffer from the same issue?

It does, but it seems that this patch fixes the issue for both of them. I guess I'll test for it too.

[picnixz]

Ok, by the way I know why we export unconditionally the method. Actually, it would be a no-op if the method is not available (see the clinic generated code which does #define _CURSES_RESIZE_TERM_METHODDEF at the very end). So what I thought was wrong is actually fine.

[ZeroIntensity]

I think I fixed it by moving that test, anyway. Anything else to do here?

[picnixz]

I think I fixed it by moving that test, anyway. Anything else to do here?

No, nothing else to do! (at least AFAICT).

[ZeroIntensity]

Now, time to find a core dev to review this. I don't think we have anyone active that's worked much on curses, do we?

[picnixz]

No, but Victor has been reviewing my curses (and not my cursed) PRs so I think we can ask him.

[vstinner]

LGTM

[miss-islington-app]

Thanks @ZeroIntensity for the PR, and @vstinner for merging it 🌮🎉.. I'm working now to backport this PR to: 3.12, 3.13.
🐍🍒⛏🤖

[miss-islington-app]

Sorry, @ZeroIntensity and @vstinner, I could not cleanly backport this to 3.12 due to a conflict.
Please backport using cherry_picker on command line.

cherry_picker c2ba931318280796a6dcc33d1a5c5c02ad4d035b 3.12

[bedevere-app]

GH-124905 is a backport of this pull request to the 3.13 branch.

[vstinner]

@ZeroIntensity: If you consider that backporting to 3.12 is worth it, would you mind to try to backport the change manually? The automated backport failed.

[vstinner]

PR merged, thank you @ZeroIntensity. I'm not really super happy about this workaround, but it seems like upstream is not responsive on this crash.

[ZeroIntensity]

@ZeroIntensity: If you consider that backporting to 3.12 is worth it, would you mind to try to backport the change manually? The automated backport failed.

Yeah, I can do that a little later today. It's odd that it worked for 3.13 but not 3.12, though.

[picnixz]

Yeah, I can do that a little later today. It's odd that it worked for 3.13 but not 3.12, though.

This could be a clinic issue (where the generator changed between 3.12 and 3.13 and introduced conflicts).

[bedevere-app]

GH-124911 is a backport of this pull request to the 3.12 branch.

[vstinner]

it seems like upstream is not responsive on this crash

Oh, the email was sent last week :-) So it's early to say that upstream is not responsive, sorry about that.