Issue 28129: assertion failures in ctypes (original) (raw)

Created on 2016-09-13 15:14 by Oren Milman, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Messages (8)

msg276288 - (view)

Author: Oren Milman (Oren Milman) *

Date: 2016-09-13 15:14

------------ current state ------------ In Modules_ctypes_ctypes.c, there are six functions with assertions that might fail: 1. CDataType_from_buffer 2. CDataType_from_buffer_copy 3. PyCPointerType_set_type 4. PyCPointerType_from_param 5. PyCSimpleType_from_param 6. _validate_paramflags The following is true for each of these functions: - It assumes its first argument is a subclass (or an instance of a subclass) of some abstract ctype, which means it (the first argument) has a storage dict. - Thus, it asserts its first argument has a storage dict. - However, its first argument might be some abstract ctype (and not a subclass (or an instance of a subclass) of that abstract ctype), in which case the assertion fails.

In Modules_ctypes\cfield.c, there are two functions with assertions that might fail: 1. PyCField_set 2. PyCField_get These functions are the C implementations of the set and get functions (respectively) of the CFeild type. Each of them asserts its instance argument is a CDataObject, which might not be true.

------------ proposed changes ------------ Replace each of these assertions with an if statement that raises an exception in case of an invalid argument.

------------ diff ------------ The proposed patches diff file is attached.

------------ tests ------------ I wrote an ugly script to verify the assertion failures on CPython without my patches, and to test the patches on CPython with my patches. The script is attached, but it would probably fail on a non-Windows machine.

I built the patched CPython for x86, and played with it a little. Everything seemed to work as usual.

In addition, I ran 'python_d.exe -m test -j3' (on my 64-bit Windows 10) with and without the patches, and got quite the same output. The outputs of both runs are attached.

msg288778 - (view)

Author: Oren Milman (Oren Milman) *

Date: 2017-03-02 00:00

The fix for issue #25659 already replaced the assertions in CDataType_from_buffer and CDataType_from_buffer_copy with if statements (my bad for missing that issue when I opened this one). In addition, that fix added some tests, so I also added some, and created a pull request.

I run the test module again, and on my Windows 10, the same tests failed with and without my patches. However, on my Ubuntu 16.04 VM, none of the tests failed.

msg290342 - (view)

Author: STINNER Victor (vstinner) * (Python committer)

Date: 2017-03-24 23:13

New changeset 1bea762d9ec823544c530d567330a47f64d93d4f by Victor Stinner (orenmn) in branch 'master': bpo-28129: fix ctypes crashes (#386) https://github.com/python/cpython/commit/1bea762d9ec823544c530d567330a47f64d93d4f

msg303235 - (view)

Author: Oren Milman (Oren Milman) *

Date: 2017-09-28 13:37

Shouldn't we close this issue?

msg303239 - (view)

Author: STINNER Victor (vstinner) * (Python committer)

Date: 2017-09-28 14:11

Shouldn't we close this issue?

Oh, I forgot this issue.

Python 2.7 and 3.6 are also impacted and still accept bug fixes. I proposed backports.

msg303243 - (view)

Author: STINNER Victor (vstinner) * (Python committer)

Date: 2017-09-28 14:31

New changeset 8b83687bdf66d2d10afb78e46bcede399deaefde by Victor Stinner in branch '2.7': bpo-28129: fix ctypes crashes (#386) (#3800) https://github.com/python/cpython/commit/8b83687bdf66d2d10afb78e46bcede399deaefde

msg303244 - (view)

Author: STINNER Victor (vstinner) * (Python committer)

Date: 2017-09-28 14:32

New changeset 7d6ddb96b34b94c1cbdf95baa94492c48426404e by Victor Stinner in branch '3.6': bpo-28129: fix ctypes crashes (#386) (#3799) https://github.com/python/cpython/commit/7d6ddb96b34b94c1cbdf95baa94492c48426404e

msg303245 - (view)

Author: STINNER Victor (vstinner) * (Python committer)

Date: 2017-09-28 14:33

Ok, now the issue can be closed :-) I backported Oren Milman's fix to Python 2.7 and 3.6 as well.

Oren Milman: thank you very much for your fix!

History

Date

User

Action

Args

2022-04-11 14:58:36

admin

set

github: 72316

2017-09-28 14:33:09

vstinner

set

status: open -> closed
resolution: fixed
messages: +

stage: patch review -> resolved

2017-09-28 14:32:13

vstinner

set

messages: +

2017-09-28 14:31:43

vstinner

set

messages: +

2017-09-28 14:11:44

vstinner

set

messages: +
versions: + Python 2.7, Python 3.6

2017-09-28 14:11:15

vstinner

set

pull_requests: + <pull%5Frequest3786>

2017-09-28 14:09:36

vstinner

set

stage: patch review
pull_requests: + <pull%5Frequest3785>

2017-09-28 13:37:40

Oren Milman

set

messages: +

2017-03-24 23:13:47

vstinner

set

nosy: + vstinner
messages: +

2017-03-02 22:01:32

christian.heimes

set

pull_requests: + <pull%5Frequest335>

2017-03-02 00:00:57

Oren Milman

set

messages: +

2017-03-01 23:57:07

python-dev

set

pull_requests: + <pull%5Frequest322>

2017-02-22 19:45:31

vinay.sajip

set

nosy: + vinay.sajip

2016-09-13 15:17:09

Oren Milman

set

files: + patchedCPythonTestOutput_ver1.txt

2016-09-13 15:16:33

Oren Milman

set

files: + CPythonTestOutput.txt

2016-09-13 15:15:06

Oren Milman

set

files: + issue28129_ver1.diff
keywords: + patch

2016-09-13 15:14:14

Oren Milman

create