PyArg_ParseTuple with format "et#" and "es#" detects overflow by raising TypeError instead of ValueError #70386
Comments
|
The documentation for the "es#" format (and the "et#" that derives from it) documents the possibility of providing an already allocated buffer. Buffer overflow is detected and handled as follows: "If the buffer is not large enough, a ValueError will be set." However, the actual behavior is to raise a TypeError. Inspecting the code in getargs.c reveals that convertsimple() handles buffer overflow by returning a formatted message to its caller, convertitem(). Calls to convertitem() that return an error call seterror() to set the error, and seterror() unconditionally sets the PyExc_TypeError. This is not a big issue in practice, and since the behavior is not new, it might be best to simply update the documentation to match the existing practice instead of changing the behavior and risking breaking working code. |
hniksic
mannequin
added
docs
|
The problem can be encountered and easily reproduced by calling os.path functions, such as os.path.abspath, with a sufficiently large string on Windows: >>> os.path.abspath("a" * 1024)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "P:\...\lib\ntpath.py", line 471, in abspath
TypeError: must be (buffer overflow), not strThe error message is somewhat confusing, making it look like the "must be" and "not" arguments are swapped. Ideally, the message could be along the lines of "must be a string of no more than X characters". |
|
I just changed the ValueError to TypeError. This is my first attempt at fixing anything, so let me know if I've screwed up anywhere. |
|
Added a patch that changes the documentation to reflect TypeError instead of ValueError* |
|
Proposed patch fixes minor bugs in Python/getargs.c:
|
|
Barun, Serhiy, thanks for picking this up so quickly. I would further suggest to avoid using a fixed buffer in abspath (_getfullpathname, but only abspath seems to call it). Other filesystem calls are using the interface where PyArg_ParseTuple allocates the buffer. This makes it easier to handling errors from the native layer by catching OSError or similar, instead of the very generic TypeError (or ValueError). |
|
New changeset 1c690cb4def8 by Serhiy Storchaka in branch '3.5': New changeset 745ad3010384 by Serhiy Storchaka in branch 'default': New changeset 60a2d67dacb3 by Serhiy Storchaka in branch '2.7': |
|
One review comment |
|
Also, test_getargs2 seems faulty on 2.7. I am seeing MemoryError; some of the buildbots are segfaulting. |
|
New changeset d0b4be7d2134 by Serhiy Storchaka in branch '2.7': |
|
Thank you Martin. This was 64-bit specific bug. |
|
Here is updated patch. |
|
New changeset ab25ce400abd by Serhiy Storchaka in branch '2.7': New changeset 9f998e24d8d8 by Serhiy Storchaka in branch '3.5': New changeset f8bdc0ea3bcf by Serhiy Storchaka in branch 'default': New changeset 53d66a554beb by Serhiy Storchaka in branch 'default': |
|
test_datetime is broken on 3.5 and default: ====================================================================== During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/var/lib/buildbot/slaves/profile-opt-bot/3.5.gps-debian-profile-opt/build/Lib/test/datetimetester.py", line 1578, in test_format
dt.__format__(123)
AssertionError: "^must be str, not int$" does not match "__format__() argument 1 must be str, not int"http://buildbot.python.org/all/builders/AMD64%20Debian%20PGO%203.5/builds/632/steps/test/logs/stdio http://buildbot.python.org/all/builders/x86%20Tiger%203.x/builds/10486/steps/test/logs/stdio |
|
New changeset 22b0a63808f8 by Serhiy Storchaka in branch '3.5': New changeset a9c9e4054f3f by Serhiy Storchaka in branch 'default': |
|
Thanks Berker. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: