classification
Title: PEP 590 method_vectorcall calls memcpy with NULL src
Type: behavior
Stage: commit review
Components: Interpreter Core
Versions: Python 3.9, Python 3.8
process
Status: closed
Resolution: fixed
Dependencies:
Superseder:
Assigned To: Mark.Shannon
Nosy List: Mark.Shannon, gregory.p.smith, jdemeyer, miss-islington, vstinner
Priority: normal
Keywords: patch

Created on 2019-06-03 04:16 by gregory.p.smith, last changed 2019-07-02 10:39 by jdemeyer. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 13867 merged jdemeyer, 2019-06-06 16:00
PR 13900 merged miss-islington, 2019-06-07 18:02
PR 14550 merged jdemeyer, 2019-07-02 10:39
Messages (5)
msg344378 - Author: Gregory P. Smith (gregory.p.smith) * (Python committer) Date: 2019-06-03 04:16
The undefined behavior sanitizer buildbot is flagging a bunch of issues in master (3.8) of late:

AssertionError: 'Objects/classobject.c:74:29: runtime erro[139 chars]re\n' != ''
- Objects/classobject.c:74:29: runtime error: null pointer passed as argument 2, which is declared to never be null
- /usr/include/string.h:43:28: note: nonnull attribute specified here

 (see https://buildbot.python.org/all/#/builders/135/builds/1937/steps/5/logs/stdio)

This appears to be coming from a relatively new classobject.c:method_vectorcall() function

method_vectorcall(PyObject *method, PyObject *const *args,
                  size_t nargsf, PyObject *kwnames)

Which looks like it is probably being called with a NULL args value and thus winds up calling memcpy() with src=NULL.

This was introduced in https://github.com/python/cpython/commit/aacc77fbd77640a8f03638216fa09372cc21673d for the PEP 590 implementation.
msg344825 - Author: Jeroen Demeyer (jdemeyer) * (Python triager) Date: 2019-06-06 15:52
That's entirely my fault. I was not aware of the fact that calling memcpy() with src=NULL and length 0 was undefined behaviour. I disagree that it should be undefined, but there is not much point in arguing against the C standard.
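One way to avoid the undefined behaviour discussed above, as an added example that is not CPython's code and not part of the original issue: `prepend_self` is a hypothetical helper that builds a new array from a leading element plus an argument array, and skips `memcpy()` when there is nothing to copy so a NULL source is never passed. The sample values in `main` are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (an assumption for illustration, not CPython's code):
 * return a malloc'd array holding `self` followed by the `nargs` entries of
 * `args`. A caller with no arguments may pass args == NULL. */
void **prepend_self(void *self, void *const *args, size_t nargs)
{
    /* A NULL array is only acceptable when it is also empty. */
    if (nargs > 0 && args == NULL)
        return NULL;
    /* Reject counts whose byte size would overflow size_t. */
    if (nargs > SIZE_MAX / sizeof(void *) - 1)
        return NULL;

    void **out = malloc((nargs + 1) * sizeof(void *));
    if (out == NULL)
        return NULL;
    out[0] = self;

    /* C11 7.24.1 requires valid pointer arguments even for a length of 0,
     * and glibc declares memcpy's pointers nonnull, which is what UBSan
     * reports. Only call memcpy when there is at least one element. */
    if (nargs > 0)
        memcpy(out + 1, args, nargs * sizeof(void *));
    return out;
}

int main(void)
{
    int self = 0, x = 1;                          /* constructed sample data */
    void *args[] = { &x };
    void **one = prepend_self(&self, args, 1);
    void **none = prepend_self(&self, NULL, 0);   /* the reported case */
    int ok = one && none && one[0] == &self && one[1] == &x
             && none[0] == &self;
    free(one);
    free(none);
    return ok ? 0 : 1;
}
```

Building this with `-fsanitize=undefined` and removing the `nargs > 0` guard before `memcpy()` reproduces the class of runtime error quoted in the first message.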
msg344984 - Author: Gregory P. Smith (gregory.p.smith) * (Python committer) Date: 2019-06-07 18:01
New changeset 1f9531764cc0f8dbca1d8f429d162dc28282f4b4 by Gregory P. Smith (Jeroen Demeyer) in branch 'master':
bpo-37138: fix undefined behaviour with memcpy() on NULL array (GH-13867)
https://github.com/python/cpython/commit/1f9531764cc0f8dbca1d8f429d162dc28282f4b4
msg344994 - Author: miss-islington (miss-islington) Date: 2019-06-07 18:26
New changeset 6e053079ac3fe50ffbe9128bcf766298168c31cb by Miss Islington (bot) in branch '3.8':
bpo-37138: fix undefined behaviour with memcpy() on NULL array (GH-13867)
https://github.com/python/cpython/commit/6e053079ac3fe50ffbe9128bcf766298168c31cb
msg344995 - Author: Gregory P. Smith (gregory.p.smith) * (Python committer) Date: 2019-06-07 18:30
Thanks Jeroen!
History
Date User Action Args
2019-07-02 10:39:31 jdemeyer set pull_requests: + pull_request14368
2019-06-07 18:30:26 gregory.p.smith set status: open -> closed; resolution: fixed; messages: + msg344995; stage: patch review -> commit review
2019-06-07 18:26:07 miss-islington set nosy: + miss-islington; messages: + msg344994
2019-06-07 18:02:07 miss-islington set pull_requests: + pull_request13775
2019-06-07 18:01:58 gregory.p.smith set messages: + msg344984
2019-06-06 16:00:50 jdemeyer set keywords: + patch; stage: needs patch -> patch review; pull_requests: + pull_request13743
2019-06-06 15:52:04 jdemeyer set nosy: + jdemeyer; messages: + msg344825
2019-06-05 08:28:40 vstinner set nosy: + vstinner
2019-06-03 04:16:10 gregory.p.smith create