msvcrt.locking crashes python #73578

RazerM · 2017-01-30T17:30:26Z

BPO	29392
Nosy	@pfmoore, @tjguk, @zware, @eryksun, @zooba, @RazerM

^{Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.}

Show more details

GitHub fields:

assignee = 'https://github.com/zooba'
closed_at = <Date 2018-05-28.22:31:29.638>
created_at = <Date 2017-01-30.17:30:26.445>
labels = ['3.7', 'OS-windows', 'type-crash']
title = 'msvcrt.locking crashes python'
updated_at = <Date 2018-05-28.22:31:29.637>
user = 'https://github.com/RazerM'

bugs.python.org fields:

activity = <Date 2018-05-28.22:31:29.637>
actor = 'steve.dower'
assignee = 'steve.dower'
closed = True
closed_date = <Date 2018-05-28.22:31:29.638>
closer = 'steve.dower'
components = ['Windows']
creation = <Date 2017-01-30.17:30:26.445>
creator = 'RazerM'
dependencies = []
files = []
hgrepos = []
issue_num = 29392
keywords = []
message_count = 7.0
messages = ['286495', '286500', '286501', '287003', '287012', '287016', '287021']
nosy_count = 7.0
nosy_names = ['paul.moore', 'tim.golden', 'python-dev', 'zach.ware', 'eryksun', 'steve.dower', 'RazerM']
pr_nums = []
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'crash'
url = 'https://bugs.python.org/issue29392'
versions = ['Python 3.5', 'Python 3.6', 'Python 3.7']

RazerM · 2017-01-30T17:30:26Z

On 3.5.2 and 3.5.3, but not 3.4.3 or 2.7.10 (Windows 64-bit), the third line causes Python to crash with exit code 0xC0000417.

import msvcrt
fp = open('file.txt', 'w')
msvcrt.locking(fp.fileno(), msvcrt.LK_NBLCK, -1)
print('End')

I came across this in the portalocker module. I don't think -1 is a valid third argument, but it doesn't raise an exception on Python 3.4 or 2.7.

RazerM · 2017-01-30T23:09:43Z

I ran it on AppVeyor to double check, the crash appears from 3.5 onwards as I saw on my computer.

https://ci.appveyor.com/project/RazerM/issue29392/build/3

eryksun · 2017-01-30T23:40:33Z

The old CRT doesn't do any parameter validation on the nbytes parameter. It just passes it directly to Windows LockFile as follows:

LockFile((HANDLE)_get_osfhandle(fh), lockoffset, 0L, nbytes, 0L)

which is locking (DWORD)-1 bytes, i.e. 0xFFFFFFFF. This allows users to sneakily lock more than 2 GiB by passing a negative value. Python could do its own validation in 2.7 to raise an exception for negative values, but I think it's too late; that ship has sailed.

The parameter is validated by the new CRT in 3.5+, which limits nbytes to non-negative values. There we need the _Py_BEGIN_SUPPRESS_IPH and _Py_END_SUPPRESS_IPH macros to handle the failed call without crashing the process.

python-dev · 2017-02-04T23:06:05Z

New changeset f48bdcd02b57 by Steve Dower in branch '3.5':
Issue bpo-29392: Prevent crash when passing invalid arguments into msvcrt module.
https://hg.python.org/cpython/rev/f48bdcd02b57

New changeset 15bbb18d87fd by Steve Dower in branch '3.6':
Issue bpo-29392: Prevent crash when passing invalid arguments into msvcrt module.
https://hg.python.org/cpython/rev/15bbb18d87fd

New changeset fb6a48fa8da3 by Steve Dower in branch 'default':
Issue bpo-29392: Prevent crash when passing invalid arguments into msvcrt module.
https://hg.python.org/cpython/rev/fb6a48fa8da3

python-dev · 2017-02-05T00:00:29Z

New changeset cb0c9718f7bd13df67b0d7df88b6f5b197ef05a7 by Steve Dower in branch '3.5':
Issue bpo-29392: Prevent crash when passing invalid arguments into msvcrt module.
cb0c971

python-dev · 2017-02-05T00:00:32Z

New changeset cb0c9718f7bd13df67b0d7df88b6f5b197ef05a7 by Steve Dower in branch 'master':
Issue bpo-29392: Prevent crash when passing invalid arguments into msvcrt module.
cb0c971

New changeset ed8b523b9f6495806a38262ca9d1676bf7d5e830 by Steve Dower in branch 'master':
Issue bpo-29392: Prevent crash when passing invalid arguments into msvcrt module.
ed8b523

New changeset 01c3bdbb25068e7558ff8f275d0ed22c9f4e6b32 by Steve Dower in branch 'master':
Issue bpo-29392: Prevent crash when passing invalid arguments into msvcrt module.
01c3bdb

python-dev · 2017-02-05T00:00:35Z

New changeset ed8b523b9f6495806a38262ca9d1676bf7d5e830 by Steve Dower in branch '3.6':
Issue bpo-29392: Prevent crash when passing invalid arguments into msvcrt module.
ed8b523

New changeset cb0c9718f7bd13df67b0d7df88b6f5b197ef05a7 by Steve Dower in branch '3.6':
Issue bpo-29392: Prevent crash when passing invalid arguments into msvcrt module.
cb0c971

RazerM mannequin added OS-windows type-crash A hard crash of the interpreter, possibly with a core dump labels Jan 30, 2017

eryksun added the 3.7 (EOL) end of life label Jan 30, 2017

zooba self-assigned this Feb 4, 2017

zooba closed this as completed May 28, 2018

ezio-melotti transferred this issue from another repository Apr 10, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

msvcrt.locking crashes python #73578

msvcrt.locking crashes python #73578

RazerM mannequin commented Jan 30, 2017

RazerM mannequin commented Jan 30, 2017

RazerM mannequin commented Jan 30, 2017

eryksun commented Jan 30, 2017

python-dev mannequin commented Feb 4, 2017

python-dev mannequin commented Feb 5, 2017

python-dev mannequin commented Feb 5, 2017

python-dev mannequin commented Feb 5, 2017

msvcrt.locking crashes python #73578

msvcrt.locking crashes python #73578

Comments

RazerM mannequin commented Jan 30, 2017

RazerM mannequin commented Jan 30, 2017

RazerM mannequin commented Jan 30, 2017

eryksun commented Jan 30, 2017

python-dev mannequin commented Feb 4, 2017

python-dev mannequin commented Feb 5, 2017

python-dev mannequin commented Feb 5, 2017

python-dev mannequin commented Feb 5, 2017