From 1d7b0f8e2ec2a4a6cb9c2b157e0c14bd5823e828 Mon Sep 17 00:00:00 2001
From: Serhiy Storchaka <storchaka@gmail.com>
Date: Tue, 27 Jan 2026 14:19:26 +0200
Subject: [PATCH 1/2] gh-144206: Improve error messages for buffer overflow in
 fcntl.fcntl() and fcntl.ioctl()

---
 ...-01-27-14-23-10.gh-issue-144206.l0un4U.rst |  2 ++
 Modules/fcntlmodule.c                         | 31 ++++++++++++++++---
 2 files changed, 28 insertions(+), 5 deletions(-)
 create mode 100644 Misc/NEWS.d/next/Library/2026-01-27-14-23-10.gh-issue-144206.l0un4U.rst

diff --git a/Misc/NEWS.d/next/Library/2026-01-27-14-23-10.gh-issue-144206.l0un4U.rst b/Misc/NEWS.d/next/Library/2026-01-27-14-23-10.gh-issue-144206.l0un4U.rst
new file mode 100644
index 00000000000000..eb21e27f50916c
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2026-01-27-14-23-10.gh-issue-144206.l0un4U.rst
@@ -0,0 +1,2 @@
+Improve error messages for buffer overflow in :func:`fcntl.fcntl` and
+:fucn:`fcntl.ioctl`.
diff --git a/Modules/fcntlmodule.c b/Modules/fcntlmodule.c
index e373bf368813ac..ce636c574ed5ff 100644
--- a/Modules/fcntlmodule.c
+++ b/Modules/fcntlmodule.c
@@ -111,7 +111,11 @@ fcntl_fcntl_impl(PyObject *module, int fd, int code, PyObject *arg)
                 return !async_err ? PyErr_SetFromErrno(PyExc_OSError) : NULL;
             }
             if (memcmp(buf + len, guard, GUARDSZ) != 0) {
-                PyErr_SetString(PyExc_SystemError, "buffer overflow");
+                PyErr_SetString(PyExc_SystemError,
+                        "Possible stack corruption in fcntl() due to "
+                        "buffer overflow. "
+                        "Provide an argument of sufficient size as "
+                        "determined by the operation.");
                 return NULL;
             }
             return PyBytes_FromStringAndSize(buf, len);
@@ -139,7 +143,11 @@ fcntl_fcntl_impl(PyObject *module, int fd, int code, PyObject *arg)
                 return NULL;
             }
             if (ptr[len] != '\0') {
-                PyErr_SetString(PyExc_SystemError, "buffer overflow");
+                PyErr_SetString(PyExc_SystemError,
+                        "Memory corruption in fcntl() due to "
+                        "buffer overflow. "
+                        "Provide an argument of sufficient size as "
+                        "determined by the operation.");
                 PyBytesWriter_Discard(writer);
                 return NULL;
             }
@@ -264,7 +272,12 @@ fcntl_ioctl_impl(PyObject *module, int fd, unsigned long code, PyObject *arg,
                 }
                 PyBuffer_Release(&view);
                 if (ptr == buf && memcmp(buf + len, guard, GUARDSZ) != 0) {
-                    PyErr_SetString(PyExc_SystemError, "buffer overflow");
+                    PyErr_SetString(PyExc_SystemError,
+                            "Possible stack corruption in ioctl() due to "
+                            "buffer overflow. "
+                            "Provide a writable buffer argument of "
+                            "sufficient size as determined by "
+                            "the operation.");
                     return NULL;
                 }
                 return PyLong_FromLong(ret);
@@ -293,7 +306,11 @@ fcntl_ioctl_impl(PyObject *module, int fd, unsigned long code, PyObject *arg,
                 return !async_err ? PyErr_SetFromErrno(PyExc_OSError) : NULL;
             }
             if (memcmp(buf + len, guard, GUARDSZ) != 0) {
-                PyErr_SetString(PyExc_SystemError, "buffer overflow");
+                PyErr_SetString(PyExc_SystemError,
+                        "Possible stack corruption in ioctl() due to "
+                        "buffer overflow. "
+                        "Provide an argument of sufficient size as "
+                        "determined by the operation.");
                 return NULL;
             }
             return PyBytes_FromStringAndSize(buf, len);
@@ -321,7 +338,11 @@ fcntl_ioctl_impl(PyObject *module, int fd, unsigned long code, PyObject *arg,
                 return NULL;
             }
             if (ptr[len] != '\0') {
-                PyErr_SetString(PyExc_SystemError, "buffer overflow");
+                PyErr_SetString(PyExc_SystemError,
+                        "Memory corruption in ioctl() due to "
+                        "buffer overflow. "
+                        "Provide an argument of sufficient size as "
+                        "determined by the operation.");
                 PyBytesWriter_Discard(writer);
                 return NULL;
             }

From f3c04747d194731f2c236f6d9b58eb1229d8df48 Mon Sep 17 00:00:00 2001
From: Serhiy Storchaka <storchaka@gmail.com>
Date: Tue, 27 Jan 2026 14:46:40 +0200
Subject: [PATCH 2/2] Apply suggestion from @vstinner

Co-authored-by: Victor Stinner <vstinner@python.org>
---
 .../next/Library/2026-01-27-14-23-10.gh-issue-144206.l0un4U.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Misc/NEWS.d/next/Library/2026-01-27-14-23-10.gh-issue-144206.l0un4U.rst b/Misc/NEWS.d/next/Library/2026-01-27-14-23-10.gh-issue-144206.l0un4U.rst
index eb21e27f50916c..1e16d28a756296 100644
--- a/Misc/NEWS.d/next/Library/2026-01-27-14-23-10.gh-issue-144206.l0un4U.rst
+++ b/Misc/NEWS.d/next/Library/2026-01-27-14-23-10.gh-issue-144206.l0un4U.rst
@@ -1,2 +1,2 @@
 Improve error messages for buffer overflow in :func:`fcntl.fcntl` and
-:fucn:`fcntl.ioctl`.
+:func:`fcntl.ioctl`.