[Python-bugs-list] [ python-Bugs-534347 ] Potential AV in vgetargskeywords

noreply@sourceforge.net noreply@sourceforge.net
Wed, 27 Mar 2002 09:20:31 -0800


Bugs item #534347, was opened at 2002-03-24 07:30
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=534347&group_id=5470

Category: Python Interpreter Core
Group: Python 2.2
Status: Open
Resolution: None
Priority: 5
Submitted By: Greg Chapman (glchapman)
Assigned to: Nobody/Anonymous (nobody)
Summary: Potential AV in vgetargskeywords

Initial Comment:
If you are dumb enough to do what I just did, pass a 
dictionary with non-string keys to 
PyEval_CallObjectWithKeyWords, you may cause an access 
violation in Python (if the call ends up going through 
PyArg_ParseTupleAndKeywords).  The problem is in the 
section of vgetargskeywords which checks for 
extraneous keyword arguments: it does not check to 
make sure PyString_AsString(key) succeeded.  Attached 
is a simple patch.


----------------------------------------------------------------------

>Comment By: Greg Chapman (glchapman)
Date: 2002-03-27 08:20

Message:
Logged In: YES 
user_id=86307

On second thought, perhaps I didn't follow 
PyEval_EvalCodeEx closely enough.  PyString_AsString can 
succeed for some non-string types (unicode, etc.), but 
these keys would not work if passed to PyEval_EvalCodeEx.  
So attached is a second version of the patch which calls 
PyString_Check before calling PyString_AsString. 

----------------------------------------------------------------------

Comment By: Greg Chapman (glchapman)
Date: 2002-03-27 07:55

Message:
Logged In: YES 
user_id=86307

I don't think calling PyErr_Clear is necessary given the 
current implementation; both PyErr_Clear and 
PyErr_SetString ultimately call PyErr_Restore, which clears 
the old error.

As for passing the error through, that might be a better 
choice.  I put in the PyErr_SetString to try to follow the 
behavior of PyEval_EvalCodeEx when it gets non-string keys 
in a keyword dict.


----------------------------------------------------------------------

Comment By: Martin v. L÷wis (loewis)
Date: 2002-03-27 03:40

Message:
Logged In: YES 
user_id=21627

I think you need to clear the previous exception which is
indicated by the NULL return value (or just let it trough as
is).

----------------------------------------------------------------------

You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=534347&group_id=5470