[New-bugs-announce] [issue7561] Filename-taking functions in posix segfault when called with a bytearray arg.

Sebastian Hagen report at bugs.python.org
Tue Dec 22 08:31:43 CET 2009


New submission from Sebastian Hagen <sh_pybugs at memespace.net>:

Various functions in the 'posix' module that take filename arguments
accept bytearray values for those arguments, and mishandle those objects
in a way that leads to segfaults.

Python 3.1 (r31:73572, Jul 23 2009, 23:41:26)
[GCC 4.3.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import os
>>> os.mkdir(bytearray(b'/'))
Segmentation fault

There are at least two separate problems with the way posixmodule handles
these objects. The first is that the code isn't set up to handle NULL
retvals from PyByteArray_AS_STRING(), which occur for zero-byte
bytearray objects. This causes a NULL-pointer dereference in
PyUnicode_FSConverter() if you pass a zero-length bytearray.

The second issue is that release_bytes() calls bytearray_releasebuffer()
with NULL for the first argument, which directly leads to a NULL-pointer
dereference.

I'm attaching a patch against SVN 77001 which should fix both of these
issues.

----------
components: Library (Lib)
files: posixmodule_fn_bytearray_fix_01.patch
keywords: patch
messages: 96795
nosy: sh
severity: normal
status: open
title: Filename-taking functions in posix segfault when called with a bytearray arg.
type: crash
versions: Python 3.1, Python 3.2
Added file: http://bugs.python.org/file15660/posixmodule_fn_bytearray_fix_01.patch

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue7561>
_______________________________________
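
A regression check for the crash reported above, as an added example that is not part of the original message or the attached patch: it runs each call in a fresh child interpreter and flags any that die by signal instead of raising a Python-level error. Only `os.mkdir(bytearray(b'/'))` comes from the report; the other calls in the list and the helper names `run_case` and `check_all` are assumptions of this example, and the signal check applies to POSIX systems.

```python
import subprocess
import sys

# Calls chosen for this example: filename-taking os functions that have no
# side effects with these arguments. Only the first one is from the report.
CASES = [
    "os.mkdir(bytearray(b'/'))",    # reproducer from the report
    "os.mkdir(bytearray(b''))",     # zero-length bytearray case
    "os.stat(bytearray(b'/'))",
    "os.stat(bytearray(b''))",
    "os.listdir(bytearray(b'/'))",
]

# Child program: a Python exception is acceptable behaviour, a signal is not.
CHILD = """
import os
try:
    {call}
except Exception as exc:
    print(type(exc).__name__)
else:
    print("ok")
"""


def run_case(call, timeout=30):
    """Run one call in a fresh interpreter; return (crashed, detail)."""
    proc = subprocess.run(
        [sys.executable, "-c", CHILD.format(call=call)],
        capture_output=True, text=True, timeout=timeout,
    )
    # On POSIX a negative return code means the child was killed by a
    # signal (for example -11 for SIGSEGV), which is the reported failure.
    crashed = proc.returncode < 0
    detail = f"signal {-proc.returncode}" if crashed else proc.stdout.strip()
    return crashed, detail


def check_all(cases=CASES):
    """Return {call: (crashed, detail)} for every case."""
    return {call: run_case(call) for call in cases}


if __name__ == "__main__":
    results = check_all()
    for call, (crashed, detail) in results.items():
        print(f"{'CRASH' if crashed else 'ok   '} {call}: {detail}")
    sys.exit(1 if any(c for c, _ in results.values()) else 0)
```

Running each call in its own process keeps a segfault in one case from taking down the harness, so the remaining cases are still reported.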

