classification
Title: crash in os.utime() in case of a bad ns argument
Type: crash Stage: resolved
Components: Extension Modules Versions: Python 3.8, Python 3.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: Oren Milman, mark.dickinson, miss-islington, ned.deily, serhiy.storchaka, xtreak, zach.ware
Priority: normal Keywords: patch

Created on 2017-09-25 16:47 by Oren Milman, last changed 2018-09-14 20:50 by zach.ware. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 3752 merged Oren Milman, 2017-09-25 19:49
PR 9222 merged miss-islington, 2018-09-12 19:14
Messages (12)
msg302962 - (view) Author: Oren Milman (Oren Milman) * Date: 2017-09-25 16:47
The following code causes the interpreter to crash:
class BadInt:
    def __divmod__(*args):
        return 42

import os
os.utime('foo.txt', ns=(BadInt(), 1))


This is because split_py_long_to_s_and_ns() (in Modules/posixmodule.c) assumes
that PyNumber_Divmod() returns a 2-tuple, and passes it to PyTuple_GET_ITEM(),
which assumes it is a tuple. Thus, PyTuple_GET_ITEM() might return a non-NULL
value which is not an address of a Python object.
msg302976 - (view) Author: Oren Milman (Oren Milman) * Date: 2017-09-25 19:50
I opened a PR.
I think another fix might be to use
PyLong_Type.tp_as_number->long_divmod() instead of PyNumber_Divmod().
msg303020 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2017-09-26 07:46
There is also similar issue in timedelta.__divmod__.

PyLong_Type.tp_as_number->nb_divmod() works only with integers.

The different way of solving this issue is used in microseconds_to_delta_ex() in _datetimemodule.c.

Perhaps the best solution is to add a check that the result of nb_divmod() is a 2-tuple in PyNumber_Divmod(). This could fix similar errors in third-party code. What is your thoughts Mark?
msg324940 - (view) Author: Zachary Ware (zach.ware) * (Python committer) Date: 2018-09-10 17:54
We definitely can't make that change to PyNumber_Divmod in 3.7 at this point, I'm sure someone somewhere is relying on being able to get arbitrary information out of their objects with `divmod(crazy_object)`.  I don't know enough math to say whether there could be any legitimate mathematical use for arbitrary return values so I leave it to others to determine whether we could make that consider that change in 3.8 just to clean things up.

I've looked through _datetimemodule.c and I don't see how timedelta.__divmod__ could fail like this, since it actually creates new timedelta objects from its arguments to work from.
msg324941 - (view) Author: Zachary Ware (zach.ware) * (Python committer) Date: 2018-09-10 17:57
Adding Ned and marking as release blocker as this is a crasher in 3.7.0.
msg325154 - (view) Author: Ned Deily (ned.deily) * (Python committer) Date: 2018-09-12 18:25
@Serihy, @Mark, others, any suggestions for what to do for 3.7.1?
msg325166 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2018-09-12 18:46
PR 3752 LGTM. I have reran CI tests, if they will be passed, the PR can be merged. This PR was not merged only because we discussed possible alternate solutions and lost an opportunity to merge it for 3.7.0.

I agree that timedelta.__divmod__ doesn't have such issue.
msg325171 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2018-09-12 19:14
New changeset 0bd1a2dcfdf36b181385ae61361e7692f4ebb0fd by Serhiy Storchaka (Oren Milman) in branch 'master':
bpo-31577: Fix a crash in os.utime() in case of a bad ns argument. (GH-3752)
https://github.com/python/cpython/commit/0bd1a2dcfdf36b181385ae61361e7692f4ebb0fd
msg325174 - (view) Author: miss-islington (miss-islington) Date: 2018-09-12 19:46
New changeset 329ea4ef7cc3a907a64c6f0702fc93206b6744de by Miss Islington (bot) in branch '3.7':
bpo-31577: Fix a crash in os.utime() in case of a bad ns argument. (GH-3752)
https://github.com/python/cpython/commit/329ea4ef7cc3a907a64c6f0702fc93206b6744de
msg325257 - (view) Author: Ned Deily (ned.deily) * (Python committer) Date: 2018-09-13 15:27
Thanks, Serihy.  Can we either close this now or remove 3.7 and "release blocker"?
msg325259 - (view) Author: Zachary Ware (zach.ware) * (Python committer) Date: 2018-09-13 15:50
The crash is fixed, so I've lowered the priority.  Serhiy, are you still interested in pursuing an alternative fix in 3.8, or content with what's merged?
msg325397 - (view) Author: Zachary Ware (zach.ware) * (Python committer) Date: 2018-09-14 20:50
Serhiy has opened bpo-34676 for the idea of restricting PyNumber_Divmod()'s return type, so I'm closing the issue.
History
Date User Action Args
2018-09-14 20:50:26zach.waresetstatus: pending -> closed

messages: + msg325397
stage: commit review -> resolved
2018-09-13 15:50:58zach.waresetstatus: open -> pending
priority: release blocker -> normal
messages: + msg325259

resolution: fixed
stage: patch review -> commit review
2018-09-13 15:27:15ned.deilysetmessages: + msg325257
2018-09-12 19:46:33miss-islingtonsetnosy: + miss-islington
messages: + msg325174
2018-09-12 19:14:59miss-islingtonsetpull_requests: + pull_request8653
2018-09-12 19:14:38serhiy.storchakasetmessages: + msg325171
2018-09-12 18:46:13serhiy.storchakasetmessages: + msg325166
2018-09-12 18:25:10ned.deilysetmessages: + msg325154
2018-09-11 09:15:55xtreaksetnosy: + xtreak
2018-09-10 17:57:18zach.waresetpriority: normal -> release blocker
nosy: + ned.deily
messages: + msg324941

2018-09-10 17:54:46zach.waresetnosy: + zach.ware

messages: + msg324940
versions: + Python 3.8
2017-09-26 07:46:23serhiy.storchakasetnosy: + mark.dickinson, serhiy.storchaka
messages: + msg303020
2017-09-25 19:50:27Oren Milmansetmessages: + msg302976
2017-09-25 19:49:33Oren Milmansetkeywords: + patch
stage: patch review
pull_requests: + pull_request3739
2017-09-25 16:47:57Oren Milmancreate