Message 319180 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	Tey
Recipients	Tey
Date	2018-06-09.20:36:16
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1528576576.56.0.592728768989.issue33817@psf.upfronthosting.co.za>
In-reply-to

Content
Making PyString_FromFormatV() build an empty string on 2.7 will fail and raise the following error: SystemError: Objects/stringobject.c:3903: bad argument to internal function It does not matter if format is empty or not (e.g., both PyString_FromFormat("") and PyString_FromFormat("%s", "")). The exception is raised from _PyString_Resize() (called at the end of PyString_FromFormatV()), because the string given to that method has a ref count different than 1. This is expected for empty strings, because PyString_FromStringAndSize() returns a reference to <nullstring> when <size> is 0. A possible fix would be to prevent the call to _PyString_Resize() from PyString_FromFormatV() if <string> is equal to <nullstring>, or if there is no need to resize the string. Python 3 versions before 3.6 might be impacted as well through PyBytes_FromFormatV() (cannot check). The following code can be used to trigger the bug: static int dobug(const char fmt, ...) { va_list args; va_start(args, fmt); PyObject str = PyString_FromFormatV(fmt, args); va_end(args); if(str == NULL) { fprintf(stderr, "Error: PyString_FromFormatV(%s) returned NULL\n", fmt); return -1; } Py_DECREF(str); return 0; } static PyObject* bug(PyObject *self) { fprintf(stderr, "dobug(\"\") => %d\n", dobug("")); fprintf(stderr, "dobug(\"%%s\", \"\") => %d\n", dobug("%s", "")); if(PyErr_Occurred()) return NULL; Py_RETURN_NONE; }

Making PyString_FromFormatV() build an empty string on 2.7 will fail and raise the following error:
SystemError: Objects/stringobject.c:3903: bad argument to internal function

It does not matter if format is empty or not (e.g., both PyString_FromFormat("") and PyString_FromFormat("%s", "")).

The exception is raised from _PyString_Resize() (called at the end of PyString_FromFormatV()), because the string given to that method has a ref count different than 1. This is expected for empty strings, because PyString_FromStringAndSize() returns a reference to <nullstring> when <size> is 0.

A possible fix would be to prevent the call to _PyString_Resize() from PyString_FromFormatV() if <string> is equal to <nullstring>, or if there is no need to resize the string.

Python 3 versions before 3.6 might be impacted as well through PyBytes_FromFormatV() (cannot check).

The following code can be used to trigger the bug:

    static int dobug(const char *fmt, ...) {
        va_list args;
        va_start(args, fmt);
    
        PyObject *str = PyString_FromFormatV(fmt, args);
        va_end(args);
    
        if(str == NULL) {
            fprintf(stderr, "Error: PyString_FromFormatV(%s) returned NULL\n", fmt);
            return -1;
        }
    
        Py_DECREF(str);
    
        return 0;
    }

    static PyObject* bug(PyObject *self) {
        fprintf(stderr, "dobug(\"\") => %d\n", dobug(""));
        fprintf(stderr, "dobug(\"%%s\", \"\") => %d\n", dobug("%s", ""));
    
        if(PyErr_Occurred()) return NULL;
        Py_RETURN_NONE;
    }

History
Date	User	Action	Args
2018-06-09 20:36:16	Tey	set	recipients: + Tey
2018-06-09 20:36:16	Tey	set	messageid: <1528576576.56.0.592728768989.issue33817@psf.upfronthosting.co.za>
2018-06-09 20:36:16	Tey	link	issue33817 messages
2018-06-09 20:36:16	Tey	create