Author larry
Recipients larry
Date 2013-02-11.23:54:43
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1360626883.99.0.640748040618.issue17187@psf.upfronthosting.co.za>
In-reply-to
Content
Python 3.3 added a nice new feature: if you don't supply enough positional parameters to a function, it tells you the names of the positional parameters you omitted.

Unfortunately, the code that prints this error message assumes that the function is well-formed.  If I manually create a function using types.CodeType and types.FunctionType, and I don't provide enough entries in the types.CodeType  "varnames" parameter to satisfy all the positional parameters, and I call the resulting function with insufficient parameters, Python crashes.

I've attached a sample script that demonstrates this crash.  I can reproduce it with both 3.3.0 and a recent trunk.  Since this feature wasn't in 3.2 or before, the bug doesn't seem to exist in those versions; I couldn't reproduce with 3.2 or 2.7.

The crash occurs in missing_arguments() in Python/ceval.c, line 3256 in trunk.  The function calls PyTuple_GET_ITEM on the co_varnames tuple without checking that it has sufficient entries.  It gets a crazytown pointer, calls PyObject_Repr on it, and boom.

I've attached a band-aid patch which prevents the crash, but this is almost certainly not the fix we want.  Perhaps types.CodeType should refuse to generate the malformed code object in the first place?
History
Date User Action Args
2013-02-11 23:54:44larrysetrecipients: + larry
2013-02-11 23:54:43larrysetmessageid: <1360626883.99.0.640748040618.issue17187@psf.upfronthosting.co.za>
2013-02-11 23:54:43larrylinkissue17187 messages
2013-02-11 23:54:43larrycreate