classification
Title: Null pointer dereference in tkinter module
Type: crash
Stage: resolved
Components: Tkinter
Versions: Python 3.4
process
Status: closed
Resolution: fixed
Dependencies:
Superseder:
Assigned To:
Nosy List: christian.heimes, larry, python-dev, serhiy.storchaka, terry.reedy
Priority: release blocker
Keywords: patch

Created on 2014-02-04 23:09 by christian.heimes, last changed 2014-02-10 20:23 by serhiy.storchaka. This issue is now closed.

Files
File name Uploaded Description
cid1167595.patch christian.heimes, 2014-02-04 23:09
Messages (4)
msg210276 - Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2014-02-04 23:09
varname_converter() doesn't check the return value of PyUnicode_AsUTF8AndSize() for NULL. The bug was introduced by http://hg.python.org/cpython/rev/321b714653e3 / issue #20368

3. returned_null: Function "PyUnicode_AsUTF8AndSize(PyObject *, Py_ssize_t *)" returns null (checked 28 out of 30 times).
4. var_assigned: Assigning: "s" = null return value from "PyUnicode_AsUTF8AndSize(PyObject *, Py_ssize_t *)".
1399        s = PyUnicode_AsUTF8AndSize(in, &size);
5. Condition "size > 2147483647", taking false branch
1400        if (size > INT_MAX) {
1401            PyErr_SetString(PyExc_OverflowError, "string is too long");
1402            return 0;
1403        }
CID 1167595 (#1 of 1): Dereference null return value (NULL_RETURNS)
6. dereference: Dereferencing a pointer that might be null "s" when calling "strlen(char const *)"
1404        if (strlen(s) != size) {
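The check order this report calls for, as an added example (not the CPython source and not the committed patch). `model_as_utf8_and_size()` is a constructed stand-in that, like `PyUnicode_AsUTF8AndSize()`, returns NULL on failure; `convert_varname()` and the status enum are hypothetical names, and the stand-in is assumed to leave `*size` untouched when it fails.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a decoder that returns NULL on failure.
 * Assumption: on failure *size is left untouched. Bytes >= 0x80 are
 * treated as "cannot be encoded" purely to have a failure path. */
static const char *model_as_utf8_and_size(const char *in, size_t len,
                                          ptrdiff_t *size)
{
    for (size_t i = 0; i < len; i++)
        if ((unsigned char)in[i] >= 0x80)
            return NULL;
    *size = (ptrdiff_t)len;
    return in;
}

enum conv_status { CONV_OK, CONV_ENCODE_ERROR, CONV_TOO_LONG,
                   CONV_EMBEDDED_NUL };

/* Hypothetical converter. The NULL test comes first: both the size
 * comparison and strlen() are only meaningful after a successful call. */
static enum conv_status convert_varname(const char *in, size_t len,
                                        const char **out)
{
    ptrdiff_t size = 0;
    const char *s = model_as_utf8_and_size(in, len, &size);

    if (s == NULL)
        return CONV_ENCODE_ERROR;   /* propagate; never hand s to strlen() */
    if (size > INT_MAX)
        return CONV_TOO_LONG;
    if (strlen(s) != (size_t)size)
        return CONV_EMBEDDED_NUL;   /* a NUL inside would truncate the name */
    *out = s;
    return CONV_OK;
}

int main(void)
{
    const char *out = NULL;
    /* Constructed inputs: valid name, undecodable byte, embedded NUL. */
    printf("%d\n", convert_varname("counter", 7, &out));
    printf("%d\n", convert_varname("\xff" "bad", 4, &out));
    printf("%d\n", convert_varname("a\0b", 3, &out));
    return 0;
}
```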
msg210279 - Author: Roundup Robot (python-dev) Date: 2014-02-04 23:31
New changeset d83ce3a2d954 by Christian Heimes in branch '3.3':
Issue #20515: Fix NULL pointer dereference introduced by issue #20368
http://hg.python.org/cpython/rev/d83ce3a2d954

New changeset 145032f626d3 by Christian Heimes in branch 'default':
Issue #20515: Fix NULL pointer dereference introduced by issue #20368
http://hg.python.org/cpython/rev/145032f626d3
msg210282 - Author: Terry J. Reedy (terry.reedy) * (Python committer) Date: 2014-02-05 01:05
Is the fix needed for 2.7?
msg210863 - Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2014-02-10 20:23
No, in 2.7 varname converter doesn't accept unicode.

Good catch Christian.
History
Date User Action Args
2014-02-10 20:23:01 serhiy.storchaka set status: open -> closed; resolution: fixed; messages: + msg210863; stage: patch review -> resolved
2014-02-05 01:05:14 terry.reedy set nosy: + terry.reedy; messages: + msg210282
2014-02-04 23:31:43 python-dev set nosy: + python-dev; messages: + msg210279
2014-02-04 23:09:12 christian.heimes create