Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NULL dereference when issubclass() is called on a class with bogus __subclasses__ #78622

Closed
izbyshev mannequin opened this issue Aug 20, 2018 · 3 comments
Closed

NULL dereference when issubclass() is called on a class with bogus __subclasses__ #78622

izbyshev mannequin opened this issue Aug 20, 2018 · 3 comments
Labels
3.7 (EOL) end of life 3.8 only security fixes extension-modules C modules in the Modules dir type-crash A hard crash of the interpreter, possibly with a core dump

Comments

@izbyshev
Copy link
Mannequin

izbyshev mannequin commented Aug 20, 2018

BPO 34441
Nosy @methane, @berkerpeksag, @serhiy-storchaka, @ilevkivskyi, @izbyshev, @miss-islington
PRs
  • bpo-34441: Fix ABC.__subclasscheck__ crash on a class with invalid __subclasses__ #8835
  • [3.7] bpo-34441: Fix ABC.__subclasscheck__ crash on classes with invalid __subclasses__ (GH-8835) #8840
    		•

    Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = None
closed_at = <Date 2018-08-20.20:47:06.951>
created_at = <Date 2018-08-20.13:41:11.862>
labels = ['extension-modules', '3.7', '3.8', 'type-crash']
title = 'NULL dereference when issubclass() is called on a class with bogus __subclasses__'
updated_at = <Date 2018-08-20.20:47:06.950>
user = 'https://github.com/izbyshev'

    bugs.python.org fields:

    activity = <Date 2018-08-20.20:47:06.950>
actor = 'izbyshev'
assignee = 'none'
closed = True
closed_date = <Date 2018-08-20.20:47:06.951>
closer = 'izbyshev'
components = ['Extension Modules']
creation = <Date 2018-08-20.13:41:11.862>
creator = 'izbyshev'
dependencies = []
files = []
hgrepos = []
issue_num = 34441
keywords = ['patch']
message_count = 3.0
messages = ['323789', '323810', '323811']
nosy_count = 6.0
nosy_names = ['methane', 'berker.peksag', 'serhiy.storchaka', 'levkivskyi', 'izbyshev', 'miss-islington']
pr_nums = ['8835', '8840']
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'crash'
url = 'https://bugs.python.org/issue34441'
versions = ['Python 3.7', 'Python 3.8']
    @izbyshev
    Copy link
    Mannequin Author

    izbyshev mannequin commented Aug 20, 2018 

    >>> from abc import ABCMeta
>>> class S(metaclass=ABCMeta):
...   __subclasses__ = None
... 
>>> issubclass(int, S)
Segmentation fault (core dumped)

    This is the result of missing NULL check for 'subclasses' in _abc__abc_subclasscheck_impl (Modules/_abc.c):

        /* 6. Check if it's a subclass of a subclass (recursive). */
    subclasses = PyObject_CallMethod(self, "__subclasses__", NULL);
    if (!PyList_Check(subclasses)) {
        PyErr_SetString(PyExc_TypeError, "__subclasses__() must return a list");
        goto end;
    }

    Reported by Svace static analyzer.

    @izbyshev izbyshev mannequin added 3.7 (EOL) end of life 3.8 only security fixes extension-modules C modules in the Modules dir type-crash A hard crash of the interpreter, possibly with a core dump labels Aug 20, 2018
    @berkerpeksag
    Copy link
    Member

    New changeset cdbf50c by Berker Peksag (Alexey Izbyshev) in branch 'master':
    bpo-34441: Fix ABC.__subclasscheck__ crash on classes with invalid __subclasses__ (GH-8835)
    cdbf50c

    @miss-islington
    Copy link
    Contributor

    New changeset d1f0ccc by Miss Islington (bot) in branch '3.7':
    bpo-34441: Fix ABC.__subclasscheck__ crash on classes with invalid __subclasses__ (GH-8835)
    d1f0ccc

    @izbyshev izbyshev mannequin closed this as completed Aug 20, 2018
    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Assignees
    No one assigned
    Labels
    3.7 (EOL) end of life 3.8 only security fixes extension-modules C modules in the Modules dir type-crash A hard crash of the interpreter, possibly with a core dump
    Projects
    None yet
    Milestone
    No milestone
    Development

    No branches or pull requests
    2 participants
    @berkerpeksag @miss-islington