Message181936
Python 3.3 added a nice new feature: if you don't supply enough positional parameters to a function, it tells you the names of the positional parameters you omitted.
Unfortunately, the code that prints this error message assumes that the function is well-formed. If I manually create a function using types.CodeType and types.FunctionType, and I don't provide enough entries in the types.CodeType "varnames" parameter to satisfy all the positional parameters, and I call the resulting function with insufficient parameters, Python crashes.
I've attached a sample script that demonstrates this crash. I can reproduce it with both 3.3.0 and a recent trunk. Since this feature wasn't in 3.2 or before, the bug doesn't seem to exist in those versions; I couldn't reproduce with 3.2 or 2.7.
The crash occurs in missing_arguments() in Python/ceval.c, line 3256 in trunk. The function calls PyTuple_GET_ITEM on the co_varnames tuple without checking that it has sufficient entries. It gets a crazytown pointer, calls PyObject_Repr on it, and boom.
I've attached a band-aid patch which prevents the crash, but this is almost certainly not the fix we want. Perhaps types.CodeType should refuse to generate the malformed code object in the first place? |
|
Date |
User |
Action |
Args |
2013-02-11 23:54:44 | larry | set | recipients:
+ larry |
2013-02-11 23:54:43 | larry | set | messageid: <1360626883.99.0.640748040618.issue17187@psf.upfronthosting.co.za> |
2013-02-11 23:54:43 | larry | link | issue17187 messages |
2013-02-11 23:54:43 | larry | create | |
|