Skip to content

bpo-30640: Fix undefined behavior in _PyFunction_FastCallDict(), PyEval_EvalCodeEx()#2919

Merged
serhiy-storchaka merged 2 commits into
python:masterfrom
ZackerySpytz:bpo-30640-ub-fastcalldict
Jul 31, 2017
Merged

bpo-30640: Fix undefined behavior in _PyFunction_FastCallDict(), PyEval_EvalCodeEx()#2919
serhiy-storchaka merged 2 commits into
python:masterfrom
ZackerySpytz:bpo-30640-ub-fastcalldict

Conversation

@ZackerySpytz
Copy link
Copy Markdown
Contributor

@ZackerySpytz ZackerySpytz commented Jul 27, 2017
edited
Loading

In _PyFunction_FastCallDict(), k can be set to NULL, and arithmetic on a null pointer is undefined behavior. There is the same issue in PyEval_EvalCodeEx().

https://bugs.python.org/issue30640

vstinner
vstinner approved these changes Jul 27, 2017
View reviewed changes
Copy link
Copy Markdown
Member

@vstinner vstinner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@vstinner
Copy link
Copy Markdown
Member

vstinner commented Jul 27, 2017

@serhiy-storchaka: Can you please review the change? Does it do what do you want?

@serhiy-storchaka
Copy link
Copy Markdown
Member

serhiy-storchaka commented Jul 28, 2017

Yes, this change fixes an undefined behavior in _PyFunction_FastCallDict().

But there is the same issue in PyEval_EvalCodeEx(). NULL is passed as the kws argument to PyEval_EvalCodeEx() in __build_class__ implementation in bltinmodule.c. And kws + 1 is calculated in PyEval_EvalCodeEx().

@ZackerySpytz ZackerySpytz force-pushed the bpo-30640-ub-fastcalldict branch from 93329cf to 994647a Compare July 31, 2017 05:28
@ZackerySpytz ZackerySpytz changed the title bpo-30640: Fix undefined behavior in _PyFunction_FastCallDict() bpo-30640: Fix undefined behavior in _PyFunction_FastCallDict(), PyEval_EvalCodeEx() Jul 31, 2017
@serhiy-storchaka serhiy-storchaka added needs backport to 3.6 type-bug An unexpected behavior, bug, or error labels Jul 31, 2017
@serhiy-storchaka serhiy-storchaka merged commit c6ea897 into python:master Jul 31, 2017
@serhiy-storchaka
Copy link
Copy Markdown
Member

serhiy-storchaka commented Jul 31, 2017

Do you mind to backport the changes to 3.6 @ZackerySpytz? This is not trivial since the code was refactored.

ZackerySpytz added a commit to ZackerySpytz/cpython that referenced this pull request Jul 31, 2017
@ZackerySpytz
[3.6] bpo-30640: Fix undefined behavior in _PyFunction_FastCallDict()…
f14432f 
… and PyEval_EvalCodeEx() (pythonGH-2919)

k + 1 was calculated with k = NULL..
(cherry picked from commit c6ea897)
@ZackerySpytz ZackerySpytz mentioned this pull request Jul 31, 2017
Merged
@bedevere-bot
Copy link
Copy Markdown

bedevere-bot commented Jul 31, 2017

GH-2964 is a backport of this pull request to the 3.6 branch.

vstinner pushed a commit that referenced this pull request Sep 8, 2017
@ZackerySpytz @vstinner
[3.6] bpo-30640: Fix undefined behavior in _PyFunction_FastCallDict()…
f032e92 
… and PyEval_EvalCodeEx() (GH-2919) (#2964)

k + 1 was calculated with k = NULL..
(cherry picked from commit c6ea897)
@ZackerySpytz ZackerySpytz deleted the bpo-30640-ub-fastcalldict branch September 8, 2017 15:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vstinner vstinner vstinner approved these changes

@serhiy-storchaka serhiy-storchaka serhiy-storchaka approved these changes

Assignees

No one assigned

Labels

type-bug An unexpected behavior, bug, or error

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@ZackerySpytz @vstinner @serhiy-storchaka @bedevere-bot @the-knights-who-say-ni