Message 96795 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	sh
Recipients	sh
Date	2009-12-22.07:31:39
SpamBayes Score	7.2943596e-11
Marked as misclassified	No
Message-id	<1261467103.65.0.513251554155.issue7561@psf.upfronthosting.co.za>
In-reply-to

Content
Various functions in the 'posix' module that take filename arguments accept bytearray values for those arguments, and mishandle those objects in a way that leads to segfaults. Python 3.1 (r31:73572, Jul 23 2009, 23:41:26) [GCC 4.3.3] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import os >>> os.mkdir(bytearray(b'/')) Segmentation fault There's at least two seperate problems with the way posixmodule handles these objects. The first is that the code isn't set up to handle NULL retvals from PyByteArray_AS_STRING(), which occur for zero-byte bytearray objects. This causes a NULL-pointer dereference in PyUnicode_FSConverter() if you pass a zero-length bytearray. The second issue is that release_bytes() calls bytearray_releasebuffer() with NULL for the first argument, which directly leads to a NULL-pointer dereference. I'm attaching a patch against SVN 77001 which should fix both of these issues.

Various functions in the 'posix' module that take filename arguments
accept bytearray values for those arguments, and mishandle those objects
in a way that leads to segfaults.

Python 3.1 (r31:73572, Jul 23 2009, 23:41:26)
[GCC 4.3.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import os
>>> os.mkdir(bytearray(b'/'))
Segmentation fault

There's at least two seperate problems with the way posixmodule handles
these objects. The first is that the code isn't set up to handle NULL
retvals from PyByteArray_AS_STRING(), which occur for zero-byte
bytearray objects. This causes a NULL-pointer dereference in
PyUnicode_FSConverter() if you pass a zero-length bytearray.

The second issue is that release_bytes() calls bytearray_releasebuffer()
with NULL for the first argument, which directly leads to a NULL-pointer
dereference.

I'm attaching a patch against SVN 77001 which should fix both of these
issues.

History
Date	User	Action	Args
2009-12-22 07:31:45	sh	set	recipients: + sh
2009-12-22 07:31:43	sh	set	messageid: <1261467103.65.0.513251554155.issue7561@psf.upfronthosting.co.za>
2009-12-22 07:31:41	sh	link	issue7561 messages
2009-12-22 07:31:40	sh	create