New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
_winapi.CreateProcess (used by subprocess) is not thread-safe #75627
Comments
The method used for spawning subprocesses on Windows is not thread-safe under certain circumstances. The following example demonstrates how this manifests: >>> import threading
>>> import subprocess
>>> for i in range(100):
... threading.Thread(
... target=subprocess.Popen,
... args=('ping localhost',),
... kwargs={'stdout': subprocess.DEVNULL},
... ).start()
...
Exception in thread Thread-1202:
Traceback (most recent call last):
File "C:\Program Files\Python36\lib\threading.py", line 916, in _bootstrap_inner
self.run()
File "C:\Program Files\Python36\lib\threading.py", line 864, in run
self._target(*self._args, **self._kwargs)
File "C:\Program Files\Python36\lib\subprocess.py", line 707, in __init__
restore_signals, start_new_session)
File "C:\Program Files\Python36\lib\subprocess.py", line 990, in _execute_child
startupinfo)
ValueError: embedded null character
Exception in thread Thread-1206:
Traceback (most recent call last):
File "C:\Program Files\Python36\lib\threading.py", line 916, in _bootstrap_inner
self.run()
File "C:\Program Files\Python36\lib\threading.py", line 864, in run
self._target(*self._args, **self._kwargs)
File "C:\Program Files\Python36\lib\subprocess.py", line 707, in __init__
restore_signals, start_new_session)
File "C:\Program Files\Python36\lib\subprocess.py", line 990, in _execute_child
startupinfo)
ValueError: embedded null character
subprocess.Popen calls down to _winapi.CreateProcess, which calls CreateProcessW. When args is passed as a fixed string, the result of the argument conversion is attached to the object and shared by future calls into C code. However, the documentation for CreateProcess states: "The Unicode version of this function, CreateProcessW, can modify the contents of this string. Therefore, this parameter cannot be a pointer to read-only memory (such as a const variable or a literal string). If this parameter is a constant string, the function may cause an access violation." (Source: https://msdn.microsoft.com/en-us/library/windows/desktop/ms682425(v=vs.85).aspx) It appears CreateProcessW is briefly inserting null characters into the buffer, causing errors if that buffer is used elsewhere before it is changed back. The call to CreateProcessW using the shared buffer can be seen here: Line 879 in b8f4163
Note that this error does not occur when passing args as a list, as subprocess.list2cmdline creates a new (though identical) string for each invocation. One potential solution is to allocate a copy of command_line (the shared buffer) instead of using the original. |
I remove Python 3.3-3.5 from Python versions since these versions don't accept bugfixes anymore, only security fixes: |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: