[Python-bugs-list] [ python-Bugs-534347 ] Potential AV in vgetargskeywords
noreply@sourceforge.net
noreply@sourceforge.net
Thu, 04 Apr 2002 08:27:24 -0800
Bugs item #534347, was opened at 2002-03-24 11:30
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=534347&group_id=5470
Category: Python Interpreter Core
Group: Python 2.2
>Status: Closed
>Resolution: Fixed
Priority: 5
Submitted By: Greg Chapman (glchapman)
>Assigned to: Guido van Rossum (gvanrossum)
Summary: Potential AV in vgetargskeywords
Initial Comment:
If you are dumb enough to do what I just did, pass a
dictionary with non-string keys to
PyEval_CallObjectWithKeyWords, you may cause an access
violation in Python (if the call ends up going through
PyArg_ParseTupleAndKeywords). The problem is in the
section of vgetargskeywords which checks for
extraneous keyword arguments: it does not check to
make sure PyString_AsString(key) succeeded. Attached
is a simple patch.
----------------------------------------------------------------------
>Comment By: Guido van Rossum (gvanrossum)
Date: 2002-04-04 11:27
Message:
Logged In: YES
user_id=6380
Fixed in CVS. Thanks!
----------------------------------------------------------------------
Comment By: Greg Chapman (glchapman)
Date: 2002-03-27 12:20
Message:
Logged In: YES
user_id=86307
On second thought, perhaps I didn't follow
PyEval_EvalCodeEx closely enough. PyString_AsString can
succeed for some non-string types (unicode, etc.), but
these keys would not work if passed to PyEval_EvalCodeEx.
So attached is a second version of the patch which calls
PyString_Check before calling PyString_AsString.
----------------------------------------------------------------------
Comment By: Greg Chapman (glchapman)
Date: 2002-03-27 11:55
Message:
Logged In: YES
user_id=86307
I don't think calling PyErr_Clear is necessary given the
current implementation; both PyErr_Clear and
PyErr_SetString ultimately call PyErr_Restore, which clears
the old error.
As for passing the error through, that might be a better
choice. I put in the PyErr_SetString to try to follow the
behavior of PyEval_EvalCodeEx when it gets non-string keys
in a keyword dict.
----------------------------------------------------------------------
Comment By: Martin v. Löwis (loewis)
Date: 2002-03-27 07:40
Message:
Logged In: YES
user_id=21627
I think you need to clear the previous exception which is
indicated by the NULL return value (or just let it trough as
is).
----------------------------------------------------------------------
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=534347&group_id=5470