classification
Title: crash or SystemError in sqlite3.Cache in case it is uninitialized or partially initialized
Type: crash
Stage: resolved
Components: Extension Modules
Versions: Python 3.7, Python 3.6, Python 2.7
process
Status: closed
Resolution: wont fix
Dependencies:
Superseder:
Assigned To:
Nosy List: Oren Milman, berker.peksag, ericvw, ghaering, serhiy.storchaka
Priority: normal
Keywords: patch

Created on 2017-10-09 13:54 by Oren Milman, last changed 2018-09-08 18:33 by berker.peksag. This issue is now closed.

Pull Requests
URL: PR 3939
Status: closed
Linked: Oren Milman, 2017-10-09 20:04
Messages (3)
msg303958 Author: Oren Milman (Oren Milman) Date: 2017-10-09 13:54
The following code causes a crash:
import sqlite3
cache = sqlite3.Cache.__new__(sqlite3.Cache)
cache.get(None)

This is because pysqlite_cache_get() (in Modules/_sqlite/cache.c) assumes that
the Cache object is initialized, and so it passes self->mapping to
PyDict_GetItem(), which assumes it is not NULL, and crashes.


Also, the following code causes a SystemError ('null argument to internal
routine'), as well as refleaks in the deallocation of the Cache object:
import sqlite3
cache = sqlite3.Cache(str)
try:
    cache.__init__()
except TypeError:
    pass
cache.get(None)

This is because pysqlite_cache_init() first sets self->factory to NULL, and
only then parses its arguments, so in case it fails to parse the arguments
(e.g. due to a wrong number of arguments) we are left with a partially
initialized Cache object.


While we are here, we should also fix refleaks that occur when
sqlite3.Cache.__init__() is called more than once.
msg303963 Author: Oren Milman (Oren Milman) Date: 2017-10-09 14:31
Also, the following code results in a memory leak:
import sqlite3
cache = sqlite3.Cache.__new__(sqlite3.Cache)

This is because pysqlite_cache_dealloc() just returns in case of an uninitialized
Cache object.
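
Added example, not part of the messages above and not the code of PR 3939: a stand-alone C model of the three hazards reported (a method called on an uninitialized object, an init that fails after clearing state, and a dealloc that skips uninitialized objects), written in hardened form. `model_cache` and its functions are hypothetical names, and plain malloc/free stand in for CPython reference counting.

```c
/* Stand-alone model, NOT CPython's Modules/_sqlite/cache.c and not PR 3939.
 * All names are hypothetical; malloc/free stand in for refcounting. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    char *factory;  /* models self->factory; NULL until init succeeds */
    int  *mapping;  /* models self->mapping; NULL until init succeeds */
    int   size;
} model_cache;

/* Like tp_new (Cache.__new__): zeroed memory, nothing initialized. */
model_cache *model_cache_new(void) { return calloc(1, sizeof(model_cache)); }

/* Like tp_init: validate arguments and build the new state first, then
 * swap it in. A failed call keeps the old state; a repeated call frees it. */
int model_cache_init(model_cache *self, const char *factory, int size) {
    if (factory == NULL || size <= 0) return -1;        /* bad arguments */
    char *f = malloc(strlen(factory) + 1);
    int *m = calloc((size_t)size, sizeof(int));
    if (f == NULL || m == NULL) { free(f); free(m); return -1; }
    strcpy(f, factory);
    free(self->factory); free(self->mapping);           /* no leak on re-init */
    self->factory = f; self->mapping = m; self->size = size;
    return 0;
}

/* Like the get method: report an error instead of using a NULL mapping. */
int model_cache_get(const model_cache *self, int key, int *out) {
    if (self == NULL || self->factory == NULL || self->mapping == NULL) return -1;
    if (key < 0 || key >= self->size) return -1;
    *out = self->mapping[key];
    return 0;
}

/* Like tp_dealloc: release the object whatever state it reached. */
void model_cache_dealloc(model_cache *self) {
    if (self == NULL) return;
    free(self->factory); free(self->mapping); free(self);
}

int main(void) {
    int v = -1;
    model_cache *c = model_cache_new();
    printf("uninitialized get -> %d\n", model_cache_get(c, 0, &v));
    model_cache_dealloc(c);
    return 0;
}
```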
msg322171 Author: Berker Peksag (berker.peksag) (Python committer) Date: 2018-07-23 01:05
Thanks for the PR and for the work you've been doing to fix similar bugs in Python!

The Cache class is an implementation detail and it has no practical use for third party users. See issue 30262 for a discussion on making it private.

If a user somehow finds the Cache class and wants to do something with it, it's their problem if it crashes the interpreter.

So, unless you can demonstrate that these problems can be reproduced without using the Cache class directly, I'm inclined to close this issue as 'wontfix'.
History
Date User Action Args
2018-09-15 16:09:55 serhiy.storchaka link issue34695 superseder
2018-09-08 18:33:48 berker.peksag set status: open -> closed; resolution: wont fix; stage: patch review -> resolved
2018-07-23 01:05:26 berker.peksag set nosy: + berker.peksag; messages: + msg322171
2017-10-09 20:04:48 Oren Milman set keywords: + patch; stage: patch review; pull_requests: + pull_request3912
2017-10-09 15:20:23 ericvw set nosy: + ericvw
2017-10-09 15:09:56 serhiy.storchaka set nosy: + ghaering, serhiy.storchaka; versions: + Python 2.7, Python 3.6
2017-10-09 14:31:25 Oren Milman set messages: + msg303963
2017-10-09 13:54:05 Oren Milman create