classification
Title: getaddrinfo segfaults on OS X when provided with invalid arguments combinations
Type: crash Stage: needs patch
Components: Library (Lib), Macintosh Versions: Python 3.4, Python 3.2, Python 3.3, Python 2.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: ronaldoussoren Nosy List: benjamin.peterson, georg.brandl, haypo, larry, ned.deily, python-dev, ronaldoussoren, skrah, terry.reedy, tibbe
Priority: release blocker Keywords: needs review, patch

Created on 2013-02-21 23:31 by tibbe, last changed 2013-06-11 16:01 by ronaldoussoren. This issue is now closed.

Files
File name Uploaded Description Edit
issue17269.txt ronaldoussoren, 2013-02-22 07:17 review
issue17269-with-tests.txt ronaldoussoren, 2013-04-23 12:42 review
Messages (15)
msg182615 - (view) Author: Johan Tibell (tibbe) Date: 2013-02-21 23:31
The following call to getaddrinfo makes Python segfault:

$ python
Python 2.7.2 (default, Jun 20 2012, 16:23:33) 
[GCC 4.2.1 Compatible Apple Clang 4.0 (tags/Apple/clang-418.0.60)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import socket
>>> socket.getaddrinfo("localhost", None, 0, 0, 0, socket.AI_NUMERICSERV)
Segmentation fault: 11

The combination of no port (None) and socket.AI_NUMERICSERV makes no sense (I used it by mistake) but we probably don't want to segfault anyway.
msg182617 - (view) Author: STINNER Victor (haypo) * (Python committer) Date: 2013-02-21 23:35
Linux manual page: "If  AI_NUMERICSERV  is  specified  in hints.ai_flags and service is not NULL, then service must point to a string containing a numeric port number."

So it looks like None is accepted on Linux. I checked: the example doesn't crash.
msg182619 - (view) Author: Ned Deily (ned.deily) * (Python committer) Date: 2013-02-22 01:00
The crash occurs in OS X's libsystem_info on 10.8.

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libsystem_info.dylib          	0x00007fff86bacd9e mdns_addrinfo + 299
1   libsystem_info.dylib          	0x00007fff86badae2 search_addrinfo + 152
2   libsystem_info.dylib          	0x00007fff86b97f6d si_addrinfo + 1641
3   libsystem_info.dylib          	0x00007fff86b9785c getaddrinfo + 171
4   _socket.so                    	0x0000000100516524 socket_getaddrinfo + 500

It's also reproducible back on OS X 10.6 crashing there in libSystem. (It looks like earlier versions of OS X don't support the AI_NUMERICSERV flag.)  So it would appear to be a long-standing OS X bug.  Possible actions: open an Apple incident and patch socket.getaddrinfo to catch this case.
msg182652 - (view) Author: Ronald Oussoren (ronaldoussoren) * (Python committer) Date: 2013-02-22 06:58
Looks like a bug in libSystem, see mdns_addrinfo in <http://www.opensource.apple.com/source/Libinfo/Libinfo-406.17/lookup.subproj/mdns_module.c>. Its handling of AI_NUMERICSERV doesn't match that of si_getaddrinfo.c at the same location.

I'll file a bug with Apple, anyone running into this problem migh want to do so as well (Apple's tracker is more or less a popularity contest, the more an issue is report, the more likely it is to get fixed).

I'm in favor of working around this bug on OSX by settings the servname to "0" when AI_NUMERICSERVICE is set and the passed in service name is None. I\m working on a patch.
msg182654 - (view) Author: Ronald Oussoren (ronaldoussoren) * (Python committer) Date: 2013-02-22 07:17
That's interesting... this also crashes:

>>> socket.getaddrinfo("localhost", "0", 0, 0, 0, socket.AI_NUMERICSERV)

While using another port number does not.

The attached patches for the default branch fixes the issue for me (on OSX 10.8). 

The same approach should also work with 2.7 (but the patch likely won't apply cleanly due to the use of TABs for indents in 2.7 and spaces in 3.x).

Open issue: should there be a testcase for this problem?
msg182655 - (view) Author: Ronald Oussoren (ronaldoussoren) * (Python committer) Date: 2013-02-22 07:25
I've filed radar #13271126 for this in Apple's tracker.
msg182695 - (view) Author: Terry J. Reedy (terry.reedy) * (Python committer) Date: 2013-02-22 20:06
On win7, the original example and '0' version give
[(23, 0, 0, '', ('::1', 0, 0, 0)), (2, 0, 0, '', ('127.0.0.1', 0))]
I think a testcase would be good.
msg183116 - (view) Author: Ronald Oussoren (ronaldoussoren) * (Python committer) Date: 2013-02-27 06:59
My bug submission at Apple was closed as a duplicate of radar 13058317.

Given the state of testing of getaddrinfo a testcase will be easier than expected, just pasting the call in this bugreport into the right testcase will match the style of most other checks in that testcase.
msg187633 - (view) Author: Ronald Oussoren (ronaldoussoren) * (Python committer) Date: 2013-04-23 12:42
I've updated the patch: it now contains a testcase (although the getaddrinfo tests are stretching the definition of the word, the new test only checks that the function doesn't crash)
msg189907 - (view) Author: Roundup Robot (python-dev) Date: 2013-05-24 11:51
New changeset f4981d8eb401 by Ronald Oussoren in branch '2.7':
Issue #17269: Workaround for a platform bug in getaddrinfo on OSX
http://hg.python.org/cpython/rev/f4981d8eb401

New changeset 3c4a5dc29417 by Ronald Oussoren in branch '3.3':
Issue #17269: Workaround for a platform bug in getaddrinfo on OSX
http://hg.python.org/cpython/rev/3c4a5dc29417

New changeset 24ffb0148729 by Ronald Oussoren in branch 'default':
(3.3->default) Issue #17269: Workaround for a platform bug in getaddrinfo on OSX
http://hg.python.org/cpython/rev/24ffb0148729
msg190332 - (view) Author: Stefan Krah (skrah) * (Python committer) Date: 2013-05-29 22:26
Hi, I think this broke the tiger buildbot:

http://buildbot.python.org/all/builders/x86%20Tiger%203.x/builds/6368/steps/test/logs/stdio
msg190348 - (view) Author: Ronald Oussoren (ronaldoussoren) * (Python committer) Date: 2013-05-30 08:07
That sucks. A patch should be easy, but I probably won't get around to that until sunday.
msg190598 - (view) Author: Ronald Oussoren (ronaldoussoren) * (Python committer) Date: 2013-06-04 14:15
I've tested a patch for the 2.7 branch on a 10.5 machine (which also failed to build without the patch), and will commit once I've finished running the testsuite on the 3.3 branch as well.
msg190893 - (view) Author: Roundup Robot (python-dev) Date: 2013-06-10 08:37
New changeset 4d1e4bc6c5b5 by Ronald Oussoren in branch '2.7':
Ensure that the fix for #17269 also works on OSX 10.4
http://hg.python.org/cpython/rev/4d1e4bc6c5b5

New changeset ef103e7e7af2 by Ronald Oussoren in branch '3.3':
Ensure that the fix for #17269 also works on OSX 10.4
http://hg.python.org/cpython/rev/ef103e7e7af2

New changeset 062f1985a5b7 by Ronald Oussoren in branch 'default':
(3.3->default) Ensure that the fix for #17269 also works on OSX 10.4
http://hg.python.org/cpython/rev/062f1985a5b7
msg190973 - (view) Author: Ronald Oussoren (ronaldoussoren) * (Python committer) Date: 2013-06-11 16:01
The buildbot seems to be happy right now (at least as far as getaddrinfo is concerned).
History
Date User Action Args
2013-06-11 16:01:58ronaldoussorensetstatus: open -> closed
resolution: fixed
messages: + msg190973
2013-06-10 08:37:27python-devsetmessages: + msg190893
2013-06-04 14:15:53ronaldoussorensetmessages: + msg190598
2013-05-30 08:07:42ronaldoussorensetmessages: + msg190348
2013-05-30 07:32:37ned.deilysetstatus: closed -> open

nosy: + benjamin.peterson, larry, georg.brandl
priority: normal -> release blocker
resolution: fixed -> (no value)
stage: resolved -> needs patch
2013-05-29 22:26:15skrahsetnosy: + skrah
messages: + msg190332
2013-05-24 13:58:22ronaldoussorensetstatus: open -> closed
resolution: fixed
stage: patch review -> resolved
2013-05-24 11:51:37python-devsetnosy: + python-dev
messages: + msg189907
2013-04-23 12:42:11ronaldoussorensetfiles: + issue17269-with-tests.txt

messages: + msg187633
2013-02-27 06:59:00ronaldoussorensetmessages: + msg183116
2013-02-22 20:06:33terry.reedysetnosy: + terry.reedy
messages: + msg182695
2013-02-22 07:25:22ronaldoussorensetmessages: + msg182655
2013-02-22 07:17:16ronaldoussorensetkeywords: + patch, needs review
files: + issue17269.txt
messages: + msg182654

stage: patch review
2013-02-22 06:58:07ronaldoussorensetmessages: + msg182652
2013-02-22 01:00:07ned.deilysetnosy: + ned.deily
messages: + msg182619
2013-02-21 23:36:09hayposetassignee: ronaldoussoren

nosy: + ronaldoussoren
components: + Macintosh
versions: + Python 3.2, Python 3.3, Python 3.4
2013-02-21 23:35:57hayposetnosy: + haypo
messages: + msg182617
2013-02-21 23:31:53tibbecreate