| msg302962 - (view) |
Author: Oren Milman (Oren Milman) * |
Date: 2017-09-25 16:47 |
| The following code causes the interpreter to crash: class BadInt: def __divmod__(*args): return 42 import os os.utime('foo.txt', ns=(BadInt(), 1)) This is because split_py_long_to_s_and_ns() (in Modules/posixmodule.c) assumes that PyNumber_Divmod() returns a 2-tuple, and passes it to PyTuple_GET_ITEM(), which assumes it is a tuple. Thus, PyTuple_GET_ITEM() might return a non-NULL value which is not an address of a Python object. |
|
|
| msg302976 - (view) |
Author: Oren Milman (Oren Milman) * |
Date: 2017-09-25 19:50 |
| I opened a PR. I think another fix might be to use PyLong_Type.tp_as_number->long_divmod() instead of PyNumber_Divmod(). |
|
|
| msg303020 - (view) |
Author: Serhiy Storchaka (serhiy.storchaka) *  |
Date: 2017-09-26 07:46 |
| There is also similar issue in timedelta.__divmod__. PyLong_Type.tp_as_number->nb_divmod() works only with integers. The different way of solving this issue is used in microseconds_to_delta_ex() in _datetimemodule.c. Perhaps the best solution is to add a check that the result of nb_divmod() is a 2-tuple in PyNumber_Divmod(). This could fix similar errors in third-party code. What is your thoughts Mark? |
|
|
| msg324940 - (view) |
Author: Zachary Ware (zach.ware) * |
Date: 2018-09-10 17:54 |
| We definitely can't make that change to PyNumber_Divmod in 3.7 at this point, I'm sure someone somewhere is relying on being able to get arbitrary information out of their objects with `divmod(crazy_object)`. I don't know enough math to say whether there could be any legitimate mathematical use for arbitrary return values so I leave it to others to determine whether we could make that consider that change in 3.8 just to clean things up. I've looked through _datetimemodule.c and I don't see how timedelta.__divmod__ could fail like this, since it actually creates new timedelta objects from its arguments to work from. |
|
|
| msg324941 - (view) |
Author: Zachary Ware (zach.ware) * |
Date: 2018-09-10 17:57 |
| Adding Ned and marking as release blocker as this is a crasher in 3.7.0. |
|
|
| msg325154 - (view) |
Author: Ned Deily (ned.deily) * |
Date: 2018-09-12 18:25 |
| @Serihy, @Mark, others, any suggestions for what to do for 3.7.1? |
|
|
| msg325166 - (view) |
Author: Serhiy Storchaka (serhiy.storchaka) * |
Date: 2018-09-12 18:46 |
| PR 3752 LGTM. I have reran CI tests, if they will be passed, the PR can be merged. This PR was not merged only because we discussed possible alternate solutions and lost an opportunity to merge it for 3.7.0. I agree that timedelta.__divmod__ doesn't have such issue. |
|
|
| msg325171 - (view) |
Author: Serhiy Storchaka (serhiy.storchaka) * |
Date: 2018-09-12 19:14 |
| New changeset 0bd1a2dcfdf36b181385ae61361e7692f4ebb0fd by Serhiy Storchaka (Oren Milman) in branch 'master': bpo-31577: Fix a crash in os.utime() in case of a bad ns argument. (GH-3752) https://github.com/python/cpython/commit/0bd1a2dcfdf36b181385ae61361e7692f4ebb0fd |
|
|
| msg325174 - (view) |
Author: miss-islington (miss-islington) |
Date: 2018-09-12 19:46 |
| New changeset 329ea4ef7cc3a907a64c6f0702fc93206b6744de by Miss Islington (bot) in branch '3.7': bpo-31577: Fix a crash in os.utime() in case of a bad ns argument. (GH-3752) https://github.com/python/cpython/commit/329ea4ef7cc3a907a64c6f0702fc93206b6744de |
|
|
| msg325257 - (view) |
Author: Ned Deily (ned.deily) * |
Date: 2018-09-13 15:27 |
| Thanks, Serihy. Can we either close this now or remove 3.7 and "release blocker"? |
|
|
| msg325259 - (view) |
Author: Zachary Ware (zach.ware) * |
Date: 2018-09-13 15:50 |
| The crash is fixed, so I've lowered the priority. Serhiy, are you still interested in pursuing an alternative fix in 3.8, or content with what's merged? |
|
|
| msg325397 - (view) |
Author: Zachary Ware (zach.ware) * |
Date: 2018-09-14 20:50 |
| Serhiy has opened bpo-34676 for the idea of restricting PyNumber_Divmod()'s return type, so I'm closing the issue. |
|
|