Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

segfaults calling warnings.warn() with non-string message #47889

Closed
dalcinl mannequin opened this issue Aug 21, 2008 · 10 comments
Closed

segfaults calling warnings.warn() with non-string message #47889

dalcinl mannequin opened this issue Aug 21, 2008 · 10 comments
Assignees
@brettcannon
Labels
interpreter-core (Objects, Python, Grammar, and Parser dirs) release-blocker type-crash A hard crash of the interpreter, possibly with a core dump

Comments

@dalcinl
Copy link
Mannequin

dalcinl mannequin commented Aug 21, 2008

BPO 3639
Nosy @brettcannon, @devdanzin, @benjaminp
Files
  • _warnings.c.diff: patch for warnings.warn(non-string) segfault
  • fix_warn_funky_types.diff: Fix the crasher plus toss in some more error checking
    		•

    Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = 'https://github.com/brettcannon'
closed_at = <Date 2008-09-02.04:02:12.729>
created_at = <Date 2008-08-21.22:30:26.257>
labels = ['interpreter-core', 'type-crash', 'release-blocker']
title = 'segfaults calling warnings.warn() with non-string message'
updated_at = <Date 2008-09-02.04:02:12.727>
user = 'https://bugs.python.org/dalcinl'

    bugs.python.org fields:

    activity = <Date 2008-09-02.04:02:12.727>
actor = 'brett.cannon'
assignee = 'brett.cannon'
closed = True
closed_date = <Date 2008-09-02.04:02:12.729>
closer = 'brett.cannon'
components = ['Interpreter Core']
creation = <Date 2008-08-21.22:30:26.257>
creator = 'dalcinl'
dependencies = []
files = ['11211', '11220']
hgrepos = []
issue_num = 3639
keywords = ['patch']
message_count = 10.0
messages = ['71694', '71709', '71721', '71750', '71763', '71765', '71766', '71773', '71774', '72312']
nosy_count = 4.0
nosy_names = ['brett.cannon', 'dalcinl', 'ajaksu2', 'benjamin.peterson']
pr_nums = []
priority = 'release blocker'
resolution = 'accepted'
stage = None
status = 'closed'
superseder = None
type = 'crash'
url = 'https://bugs.python.org/issue3639'
versions = ['Python 3.0']
    @dalcinl
    Copy link
    Mannequin Author

    dalcinl mannequin commented Aug 21, 2008 

    from warnings import warn

warn("hello world") # -> Success
warn(UserWarning)   # -> Segmentation fault
warn(None)          # -> Segmentation fault
warn(1)             # -> Segmentation fault

    @dalcinl dalcinl mannequin added interpreter-core (Objects, Python, Grammar, and Parser dirs) type-crash A hard crash of the interpreter, possibly with a core dump labels Aug 21, 2008
    @devdanzin
    Copy link
    Mannequin

    devdanzin mannequin commented Aug 22, 2008

    Two small clues.

    First, a backtrace:

    #0  0xb7df102a in strcmp () from /lib/tls/i686/cmov/libc.so.6
#1  0x0809e678 in warn_explicit (category=0x81dd140, message=0xb7ac58f4,
filename=0xb7acced0, lineno=1, module=0xb7f53300,
    registry=0xb7ac9e94, sourceline=0x0) at Python/_warnings.c:393
#2  0x0809f1df in do_warn (message=0x81fbd78, category=0x81dd140,
stack_level=1) at Python/_warnings.c:606
#3  0x0809f37d in warnings_warn (self=0xb7aceab4, args=0xb7af0a7c,
kwds=0x0) at Python/_warnings.c:628
#4  0x081624ee in PyCFunction_Call (func=0xb7acace4, arg=0xb7af0a7c,
kw=0x0) at Objects/methodobject.c:84
#5  0x080b3633 in call_function (pp_stack=0xbfd51f44, oparg=1) at
Python/ceval.c:3403
#6  0x080ae776 in PyEval_EvalFrameEx (f=0x82b5e6c, throwflag=0) at
Python/ceval.c:2205
#7  0x080b1ac8 in PyEval_EvalCodeEx (co=0xb7ade988, globals=0xb7f4f5d4,
locals=0xb7f4f5d4, args=0x0, argcount=0, kws=0x0,
    kwcount=0, defs=0x0, defcount=0, kwdefs=0x0, closure=0x0) at
Python/ceval.c:2840
#8  0x080a686f in PyEval_EvalCode (co=0xb7ade988, globals=0xb7f4f5d4,
locals=0xb7f4f5d4) at Python/ceval.c:519
#9  0x080df486 in run_mod (mod=0x82ba910, filename=0x81a09e4 "<stdin>",
globals=0xb7f4f5d4, locals=0xb7f4f5d4,
    flags=0xbfd52370, arena=0x8216df8) at Python/pythonrun.c:1553
#10 0x080dd67e in PyRun_InteractiveOneFlags (fp=0xb7ec7440,
filename=0x81a09e4 "<stdin>", flags=0xbfd52370)
    at Python/pythonrun.c:958
#11 0x080dd1e0 in PyRun_InteractiveLoopFlags (fp=0xb7ec7440,
filename=0x81a09e4 "<stdin>", flags=0xbfd52370)
    at Python/pythonrun.c:870
#12 0x080dd038 in PyRun_AnyFileExFlags (fp=0xb7ec7440,
filename=0x81a09e4 "<stdin>", closeit=0, flags=0xbfd52370)
    at Python/pythonrun.c:839
#13 0x080ef6ba in Py_Main (argc=1, argv=0xb7f22028) at Modules/main.c:592
#14 0x0805a689 in main (argc=1, argv=0xbfd534c4) at ./Modules/python.c:57
    Then, this behavior:
Python 3.0b3+ (py3k:65930M, Aug 21 2008, 21:23:08)
[GCC 4.1.3 20070929 (prerelease) (Ubuntu 4.1.2-16ubuntu2)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import _warnings
[40709 refs]
>>> _warnings.warn(0)
__main__:1: UserWarning: 0
[40739 refs]
>>> _warnings.warn(12345)
__main__:1: UserWarning: 12345
[40744 refs]
>>> _warnings.warn(AttributeError)
__main__:1: UserWarning: <class 'AttributeError'>
[40750 refs]
>>> import warnings
[41483 refs]
>>> warnings.warn(0)
[41483 refs]
>>> warnings.warn(12345)
[41483 refs]
>>> warnings.warn(10101)
Segmentation fault

    That is, _warnings.warn(spam) works OK and avoids the
    warnings.warn(spam) crash for values already called by the former.

    @brettcannon
    Copy link
    Member

    If you search for _PyUnicode_AsString() in Python/_warnings.c you will
    find several places that assume that the proper measures have been taken
    to make sure the object is a string. All of those places need to be
    fixed so that if a string is not passed in then one is grabbed.

    And the reason this turned out as a segfault is for a missing error
    return value just before the strcmp() call.

    @devdanzin
    Copy link
    Mannequin

    devdanzin mannequin commented Aug 22, 2008

    Brett,
    I don't think I know C (and CPython) enough to fix this. I was able to
    get rid of this specific segfault with this:

    •        const char \*text_char = \_PyUnicode_AsString(text);

    + const char *text_char =
    _PyUnicode_AsString(PyObject_Str(text));

    But I have no idea whether I should also incref/decref the PyObject_Str.

    @brettcannon
    Copy link
    Member

    On Fri, Aug 22, 2008 at 8:03 AM, Daniel Diniz <report@bugs.python.org> wrote:

    Daniel Diniz <ajaksu@gmail.com> added the comment:

    Brett,
    I don't think I know C (and CPython) enough to fix this. I was able to
    get rid of this specific segfault with this:

    •        const char \*text_char = \_PyUnicode_AsString(text);

    •        const char \*text_char =

    _PyUnicode_AsString(PyObject_Str(text));

    But I have no idea whether I should also incref/decref the PyObject_Str.

    That's along the lines of what needs to be done (and what I was
    planning on doing), although you need to do more error checking on the
    return values. Plus the patch I am cooking up adds more checks in the
    code for the return value of _PyUnicode_AsString().

    @brettcannon
    Copy link
    Member

    The patch doesn't actually bother with a translation as the code causing
    issue is only there to prevent infinite recursion. So if the object
    being used is not a string, then there is no need to worry as it is not
    part of the infinite recursion problem.

    I also added a bunch of missing error checks.

    @benjaminp
    Copy link
    Contributor

    Brett, is this patch ready for review?

    @brettcannon
    Copy link
    Member

    That's why the keyword is set. =)

    @benjaminp
    Copy link
    Contributor

    On Fri, Aug 22, 2008 at 2:59 PM, Brett Cannon <report@bugs.python.org> wrote:

    Brett Cannon <brett@python.org> added the comment:

    That's why the keyword is set. =)

    Ah. I missed that. :) The patch looks fine.

    Python tracker <report@bugs.python.org>
    <http://bugs.python.org/issue3639\>

    --
    Cheers,
    Benjamin Peterson
    "There's no place like 127.0.0.1."

    @brettcannon
    Copy link
    Member

    Checked in r66140.

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Assignees

    @brettcannon brettcannon

    Labels
    interpreter-core (Objects, Python, Grammar, and Parser dirs) release-blocker type-crash A hard crash of the interpreter, possibly with a core dump
    Projects
    None yet
    Milestone
    No milestone
    Development

    No branches or pull requests
    2 participants
    @brettcannon @benjaminp