Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Segmentation fault when instantiating decimal.SignalDictMixin type #106263

Closed
CharlieZhao95 opened this issue Jun 30, 2023 · 2 comments
Closed

Segmentation fault when instantiating decimal.SignalDictMixin type #106263

CharlieZhao95 opened this issue Jun 30, 2023 · 2 comments
Labels
type-crash A hard crash of the interpreter, possibly with a core dump

Comments

@CharlieZhao95
Copy link
Contributor

CharlieZhao95 commented Jun 30, 2023
edited by bedevere-bot

Crash report

The following code will causes a segmentation fault:

>>> import decimal
>>> tp = type(decimal.Context().flags)  # SignalDict type
>>> tp()  # Segmentation fault

This code instantiates an object of SignalDict type (inherited from the base class SignalDictMixin) and tries to print the contents of the object (use repr).

The problem is caused by the following C code, where the signaldict_repr function accesses a null pointer.

static int
signaldict_init(PyObject *self, PyObject *args UNUSED, PyObject *kwds UNUSED)
{
    SdFlagAddr(self) = NULL;
    return 0;
}
...
static PyObject *
signaldict_repr(PyObject *self)
{
    ...
    for (cm=signal_map, i=0; cm->name != NULL; cm++, i++) {
        n[i] = cm->fqname;
        // Access NULL pointer here
        b[i] = SdFlags(self)&cm->flag ? "True" : "False";
    }
    ...
}

Your environment

  • CPython versions tested on: 3.13.0.0a0, 3.10.2
  • Operating system and architecture: Ubuntu 22.04.1 LTS, Windows 11

Linked PRs
@CharlieZhao95 CharlieZhao95 added the type-crash A hard crash of the interpreter, possibly with a core dump label Jun 30, 2023
@CharlieZhao95
Copy link
Contributor Author

Note: This problem will not be triggered normally, because we will assign a value to SignalDict in the constructor of decimal.Context(). We usually don't manually construct a SignalDict object.

>>> import decimal
>>> flags = decimal.Context().flags
>>> tp = type(flags)
>>> tp
<class 'abc.SignalDict'>
>>> flags
{<class 'decimal.InvalidOperation'>:False, <class 'decimal.FloatOperation'>:False, <class 'decimal.DivisionByZero'>:False, <class 'decimal.Overflow'>:False, <class 'decimal.Underflow'>:False, <class 'decimal.Subnormal'>:False, <class 'decimal.Inexact'>:False, <class 'decimal.Rounded'>:False, <class 'decimal.Clamped'>:False}

@CharlieZhao95
Copy link
Contributor Author

CharlieZhao95 commented Jun 30, 2023
edited

The simplest solution is to assign default values to signaldict object in the signaldict_init function. I will propose a fix. :)

@bedevere-bot bedevere-bot mentioned this issue Jun 30, 2023
Merged
kumaraditya303 pushed a commit that referenced this issue Jul 30, 2023
@CharlieZhao95 @sunmy2019
gh-106263: Fix segfault in signaldict_repr in _decimal module (#1…
3979150 
…06270)

Co-authored-by: sunmy2019 <59365878+sunmy2019@users.noreply.github.com>
CharlieZhao95 added a commit to CharlieZhao95/cpython that referenced this issue Jul 31, 2023
@CharlieZhao95
pythongh-106263: Fix segfault in signaldict_repr in _decimal modu…
21c6868 
…le (python#106270)

Co-authored-by: sunmy2019 <59365878+sunmy2019@users.noreply.github.com>
(cherry picked from commit 3979150)
CharlieZhao95 added a commit to CharlieZhao95/cpython that referenced this issue Jul 31, 2023
@CharlieZhao95
pythongh-106263: Fix segfault in signaldict_repr in _decimal modu…
85c4e3c 
…le (python#106270)

Co-authored-by: sunmy2019 <59365878+sunmy2019@users.noreply.github.com>
(cherry picked from commit 3979150)
This was referenced Jul 31, 2023
Merged
Merged
ambv pushed a commit that referenced this issue Jul 31, 2023
@CharlieZhao95
[3.12] gh-106263: Fix segfault in signaldict_repr in _decimal mod…
99518bb 
…ule (#… (#107491)

Co-authored-by: sunmy2019 <59365878+sunmy2019@users.noreply.github.com>

(cherry picked from commit 3979150)
ambv pushed a commit that referenced this issue Jul 31, 2023
@CharlieZhao95
[3.11] gh-106263: Fix segfault in signaldict_repr in _decimal mod…
a15d06c 
…ule (#… (#107490)

Co-authored-by: sunmy2019 <59365878+sunmy2019@users.noreply.github.com>
(cherry picked from commit 3979150)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type-crash A hard crash of the interpreter, possibly with a core dump
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kumaraditya303 @CharlieZhao95