The following code causes the interpreter to crash:
class BadInt:
def __divmod__(*args):
return 42

import os
os.utime('foo.txt', ns=(BadInt(), 1))

This is because split_py_long_to_s_and_ns() (in Modules/posixmodule.c) assumes
that PyNumber_Divmod() returns a 2-tuple, and passes it to PyTuple_GET_ITEM(),
which assumes it is a tuple. Thus, PyTuple_GET_ITEM() might return a non-NULL
value which is not an address of a Python object.

I opened a PR.
I think another fix might be to use
PyLong_Type.tp_as_number->long_divmod() instead of PyNumber_Divmod().

There is also similar issue in timedelta.__divmod__.

PyLong_Type.tp_as_number->nb_divmod() works only with integers.

The different way of solving this issue is used in microseconds_to_delta_ex() in _datetimemodule.c.

Perhaps the best solution is to add a check that the result of nb_divmod() is a 2-tuple in PyNumber_Divmod(). This could fix similar errors in third-party code. What is your thoughts Mark?

We definitely can't make that change to PyNumber_Divmod in 3.7 at this point, I'm sure someone somewhere is relying on being able to get arbitrary information out of their objects with divmod(crazy_object). I don't know enough math to say whether there could be any legitimate mathematical use for arbitrary return values so I leave it to others to determine whether we could make that consider that change in 3.8 just to clean things up.

I've looked through _datetimemodule.c and I don't see how timedelta.__divmod__ could fail like this, since it actually creates new timedelta objects from its arguments to work from.

Adding Ned and marking as release blocker as this is a crasher in 3.7.0.

@Serihy, @mark, others, any suggestions for what to do for 3.7.1?

PR 3752 LGTM. I have reran CI tests, if they will be passed, the PR can be merged. This PR was not merged only because we discussed possible alternate solutions and lost an opportunity to merge it for 3.7.0.

I agree that timedelta.__divmod__ doesn't have such issue.

New changeset 0bd1a2d by Serhiy Storchaka (Oren Milman) in branch 'master':
bpo-31577: Fix a crash in os.utime() in case of a bad ns argument. (GH-3752)
0bd1a2d

New changeset 329ea4e by Miss Islington (bot) in branch '3.7':
bpo-31577: Fix a crash in os.utime() in case of a bad ns argument. (GH-3752)
329ea4e

Thanks, Serihy. Can we either close this now or remove 3.7 and "release blocker"?

The crash is fixed, so I've lowered the priority. Serhiy, are you still interested in pursuing an alternative fix in 3.8, or content with what's merged?

Serhiy has opened bpo-34676 for the idea of restricting PyNumber_Divmod()'s return type, so I'm closing the issue.