Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

gh-126108: Fix potential null pointer dereference in PySys_AddWarnOptionUnicode#126118

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Conversation

@federicovalenso
Copy link
Contributor

@federicovalensofedericovalenso commentedOct 29, 2024
edited by bedevere-appbot
Loading

@ghost
Copy link

ghost commentedOct 29, 2024
edited by ghost
Loading

All commit authors signed the Contributor License Agreement.
CLA signed

@bedevere-app
Copy link

Most changes to Pythonrequire a NEWS entry. Add one using theblurb_it web app or theblurb command-line tool.

If this change has little impact on Python users, wait for a maintainer to apply theskip news label instead.

federicovalensoand others added6 commitsOctober 29, 2024 16:01
…eTIjHY.rstCo-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
…OptionUnicode' of github.com:federicovalenso/cpython into bug/potential-null-pointer-dereference-in-PySys_AddWarnOptionUnicode
Co-authored-by: Tomas R. <tomas.roun8@gmail.com>
@ZeroIntensity
Copy link
Member

Typically, the convention in the C API is to fully disallow calling without the GIL, via_Py_EnsureTstateNotNULL. But I'm happy with this if there's a real use case for callingPySys_AddWarnOptionUnicode without it.

@picnixzpicnixz added needs backport to 3.12only security fixes needs backport to 3.13bugs and security fixes labelsOct 29, 2024
Copy link
Member

@picnixzpicnixz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

LGTM (conditioned to a question) cc@sobolevn

if (tstate) {
_PyErr_Clear(tstate);
}
_PyErr_Clear(tstate);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

I assume that there's no way to maketstate NULL in_PySys_AddWarnOptionWithError.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

I agree,assert is the way to go here. We should not call these functions in places wheretstate can beNULL (while interpreter startup / shutdown).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Would it actually make sense to have_PyErr_Clear do this automatically?

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Ok, in that case, I would likePySys_AddWarnOptionUnicode to fail with a fatal error if called without the GIL. No-oping because of a null thread state isn't common at all in the C API.

Copy link
ContributorAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Should I do some other changes or leave as is?

Copy link
Member

@picnixzpicnixzOct 31, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Should we also do it in_PySys_AddWarnOptionWithError? WDYT@ZeroIntensity?

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

I thinkassert(tstate != NULL) is fine for the private API.

picnixz reacted with thumbs up emoji
Copy link
Member

@ZeroIntensityZeroIntensity left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Two main changes here (my suggestions address both):

  • Functions in the C API shouldn't no-op if called without the GIL. Instead, we typically use_Py_EnsureTstateNotNULL to send a fatal error.
  • This function can clear the error state, so any prior exceptions are lost. It's a good idea to make sure that callers aren't doing that on debug builds.

federicovalensoand others added2 commitsOctober 31, 2024 09:36
Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
Copy link
Member

@sobolevnsobolevn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

LGTM

Copy link
Member

@ZeroIntensityZeroIntensity left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Thank you!

@federicovalenso
Copy link
ContributorAuthor

@ericsnowcurrently, please review the code :)

@ericsnowcurrentlyericsnowcurrently removed their request for reviewNovember 19, 2024 20:13
@federicovalenso
Copy link
ContributorAuthor

@picnixz , can we merge this PR? Changes approved by all reviewers.

@kumaraditya303kumaraditya303 merged commitfad36bf intopython:mainJan 31, 2025
39 checks passed
@miss-islington-app
Copy link

Thanks@federicovalenso for the PR, and@kumaraditya303 for merging it 🌮🎉.. I'm working now to backport this PR to: 3.12, 3.13.
🐍🍒⛏🤖

miss-islington pushed a commit to miss-islington/cpython that referenced this pull requestJan 31, 2025
…WarnOptionUnicode` (pythonGH-126118)(cherry picked from commitfad36bf)Co-authored-by: Valery Fedorenko <federicovalenso@gmail.com>
@bedevere-app
Copy link

GH-129520 is a backport of this pull request to the3.13 branch.

@bedevere-appbedevere-appbot removed the needs backport to 3.13bugs and security fixes labelJan 31, 2025
miss-islington pushed a commit to miss-islington/cpython that referenced this pull requestJan 31, 2025
…WarnOptionUnicode` (pythonGH-126118)(cherry picked from commitfad36bf)Co-authored-by: Valery Fedorenko <federicovalenso@gmail.com>
@bedevere-app
Copy link

GH-129522 is a backport of this pull request to the3.12 branch.

@bedevere-appbedevere-appbot removed the needs backport to 3.12only security fixes labelJan 31, 2025
@miss-islington-app
Copy link

Sorry@federicovalenso and@kumaraditya303, I had trouble completing the backport.
Please retry by removing and re-adding the "needs backport to 3.12" label.
Please backport backport usingcherry_picker on the command line.

cherry_picker fad36bf38248130bc48b81a5e7c31a7649a6456e 3.12

kumaraditya303 pushed a commit that referenced this pull requestJan 31, 2025
…dWarnOptionUnicode` (GH-126118) (#129522)gh-126108: Fix potential null pointer dereference in `PySys_AddWarnOptionUnicode` (GH-126118)(cherry picked from commitfad36bf)Co-authored-by: Valery Fedorenko <federicovalenso@gmail.com>
kumaraditya303 pushed a commit that referenced this pull requestJan 31, 2025
…dWarnOptionUnicode` (GH-126118) (#129520)gh-126108: Fix potential null pointer dereference in `PySys_AddWarnOptionUnicode` (GH-126118)(cherry picked from commitfad36bf)Co-authored-by: Valery Fedorenko <federicovalenso@gmail.com>
srinivasreddy pushed a commit to srinivasreddy/cpython that referenced this pull requestFeb 7, 2025
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment

Reviewers

@tomasr8tomasr8tomasr8 left review comments

@ZeroIntensityZeroIntensityZeroIntensity approved these changes

@kumaraditya303kumaraditya303kumaraditya303 left review comments

@StanFromIrelandStanFromIrelandStanFromIreland left review comments

@sobolevnsobolevnsobolevn approved these changes

@picnixzpicnixzpicnixz approved these changes

Assignees

@kumaraditya303kumaraditya303

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@federicovalenso@ZeroIntensity@sobolevn@tomasr8@picnixz@kumaraditya303@StanFromIreland
[8]ページ先頭
©2009-2025 Movatter.jp