Message357554
The problem arises from this code in do_mktuple(), staring at line 394 in modsupport.c:
if (**p_format == '#') {
++*p_format;
if (flags & FLAG_SIZE_T)
n = va_arg(*p_va, Py_ssize_t);
else {
if (PyErr_WarnEx(PyExc_DeprecationWarning,
"PY_SSIZE_T_CLEAN will be required for '#' formats", 1)) {
return NULL;
}
n = va_arg(*p_va, int);
}
}
If this is entered with an exception raised, PyErr_WarnEx() return NULL, thus this function return NULL without consuming the argument relative to the string length for the "s#" specifier. This argument is then consumed at the next iteration for the "O" specifier, resulting in a segmentation fault when the string length is interpreted as an object pointer.
I don't know what is the best solution: either ignoring the return value of PyErr_WarnEx or swapping the lines from
if (PyErr_WarnEx(PyExc_DeprecationWarning,
"PY_SSIZE_T_CLEAN will be required for '#' formats", 1)) {
return NULL;
}
n = va_arg(*p_va, int);
to
n = va_arg(*p_va, int);
if (PyErr_WarnEx(PyExc_DeprecationWarning,
"PY_SSIZE_T_CLEAN will be required for '#' formats", 1)) {
return NULL;
}
The handling of the "y#" just below suffers from the same problem. |
|
Date |
User |
Action |
Args |
2019-11-27 04:38:55 | danielen | set | recipients:
+ danielen, doko, lukasz.langa, steve.dower |
2019-11-27 04:38:55 | danielen | set | messageid: <1574829535.2.0.731319247849.issue38913@roundup.psfhosted.org> |
2019-11-27 04:38:55 | danielen | link | issue38913 messages |
2019-11-27 04:38:54 | danielen | create | |
|