Author Tey
Recipients Tey
Date 2018-06-09.20:36:16
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1528576576.56.0.592728768989.issue33817@psf.upfronthosting.co.za>
In-reply-to
Content
Making PyString_FromFormatV() build an empty string on 2.7 will fail and raise the following error:
SystemError: Objects/stringobject.c:3903: bad argument to internal function

It does not matter if format is empty or not (e.g., both PyString_FromFormat("") and PyString_FromFormat("%s", "")).

The exception is raised from _PyString_Resize() (called at the end of PyString_FromFormatV()), because the string given to that method has a ref count different than 1. This is expected for empty strings, because PyString_FromStringAndSize() returns a reference to <nullstring> when <size> is 0.

A possible fix would be to prevent the call to _PyString_Resize() from PyString_FromFormatV() if <string> is equal to <nullstring>, or if there is no need to resize the string.

Python 3 versions before 3.6 might be impacted as well through PyBytes_FromFormatV() (cannot check).

The following code can be used to trigger the bug:

    static int dobug(const char *fmt, ...) {
        va_list args;
        va_start(args, fmt);
    
        PyObject *str = PyString_FromFormatV(fmt, args);
        va_end(args);
    
        if(str == NULL) {
            fprintf(stderr, "Error: PyString_FromFormatV(%s) returned NULL\n", fmt);
            return -1;
        }
    
        Py_DECREF(str);
    
        return 0;
    }

    static PyObject* bug(PyObject *self) {
        fprintf(stderr, "dobug(\"\") => %d\n", dobug(""));
        fprintf(stderr, "dobug(\"%%s\", \"\") => %d\n", dobug("%s", ""));
    
        if(PyErr_Occurred()) return NULL;
        Py_RETURN_NONE;
    }
History
Date User Action Args
2018-06-09 20:36:16Teysetrecipients: + Tey
2018-06-09 20:36:16Teysetmessageid: <1528576576.56.0.592728768989.issue33817@psf.upfronthosting.co.za>
2018-06-09 20:36:16Teylinkissue33817 messages
2018-06-09 20:36:16Teycreate