Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Crash inUnicodeError.__str__ with attributes have custom__str__ #128974

Closed
Assignees
picnixz
Labels
interpreter-core(Objects, Python, Grammar, and Parser dirs)topic-unicodetype-crashA hard crash of the interpreter, possibly with a core dump
@picnixz

Description

@picnixz

Crash report

What happened?

classEvil(str):def__str__(self):delexc.objectreturn'evil'exc=UnicodeEncodeError(Evil(),"object",0,0,Evil())str(exc)

results inSegmentation fault (core dumped). Another possibility for a crash:

classEvil(str):def__str__(self):delexc.objectreturn'evil'exc=UnicodeEncodeError(Evil(),"object",0,0,Evil())str(exc)

results in

python: ./Include/cpython/unicodeobject.h:286: PyUnicode_GET_LENGTH: Assertion `PyUnicode_Check(op)' failed.Aborted (core dumped)

The segmentation fault is quite easy to fix:

reason_str=PyObject_Str(exc->reason);if (reason_str==NULL) {    gotodone;}encoding_str=PyObject_Str(exc->encoding);if (encoding_str==NULL) {    gotodone;}Py_ssize_tlen=PyUnicode_GET_LENGTH(exc->object);

It occurs inPyUnicode_GET_LENGTH(exc->object);. And the reason is thatPyObject_Str(...) may call artrbitary code.

I have a PR ready that I will post soon.

See#128975 (comment) for the rationale of not backporting it.

CPython versions tested on:

CPython main branch

Linked PRs

Metadata

Metadata

Assignees

Labels

interpreter-core(Objects, Python, Grammar, and Parser dirs)topic-unicodetype-crashA hard crash of the interpreter, possibly with a core dump

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions

    [8]ページ先頭
    ©2009-2025 Movatter.jp