Potential null pointer dereference in PySys_AddWarnOptionUnicode #126108

Closed
federicovalenso opened this issue Oct 29, 2024 · 3 comments
Labels
3.12 only security fixes 3.13 bugs and security fixes 3.14 bugs and security fixes easy interpreter-core (Objects, Python, Grammar, and Parser dirs) type-bug An unexpected behavior, bug, or error

Comments

@federicovalenso
Contributor

federicovalenso commented Oct 29, 2024

Bug report

Bug description:

Pointer tstate is compared to a NULL value here, but above there is a dereference. Stack trace: _PySys_AddWarnOptionWithError -> get_warnoptions -> _PySys_GetAttr. Correct code should look like this:

```c
void
PySys_AddWarnOptionUnicode(PyObject *option)
{
    PyThreadState *tstate = _PyThreadState_GET();
    if (tstate && _PySys_AddWarnOptionWithError(tstate, option) < 0) {
        /* No return value, therefore clear error state if possible */
        _PyErr_Clear(tstate);
    }
}
```

CPython versions tested on:

3.11

Operating systems tested on:

No response

Linked PRs

@federicovalenso federicovalenso added the type-bug An unexpected behavior, bug, or error label Oct 29, 2024
@picnixz picnixz changed the title Potential null pointer dereference Potential null pointer dereference in PySys_AddWarnOptionUnicode Oct 29, 2024
@picnixz picnixz added interpreter-core (Objects, Python, Grammar, and Parser dirs) easy 3.12 only security fixes 3.13 bugs and security fixes 3.14 bugs and security fixes labels Oct 29, 2024
@picnixz
Member

picnixz commented Oct 29, 2024

Thanks for spotting this. This still happens on main. Feel free to open a PR (I can do it as well if you want).

Note: 3.11 is security-only and this does not seem to count as a security issue unless someone is able to provide me a PoC of an exploit using that null pointer dereference.

@picnixz
Member

picnixz commented Oct 29, 2024

cc @sobolevn since you are working on this batch of issues

@sobolevn
Member

I haven't seen this one yet :)

miss-islington pushed a commit to miss-islington/cpython that referenced this issue Jan 31, 2025
…WarnOptionUnicode` (pythonGH-126118)

(cherry picked from commit fad36bf)

Co-authored-by: Valery Fedorenko <federicovalenso@gmail.com>
kumaraditya303 pushed a commit that referenced this issue Jan 31, 2025
…dWarnOptionUnicode` (GH-126118) (#129522)

gh-126108: Fix potential null pointer dereference in `PySys_AddWarnOptionUnicode` (GH-126118)
(cherry picked from commit fad36bf)

Co-authored-by: Valery Fedorenko <federicovalenso@gmail.com>
kumaraditya303 pushed a commit that referenced this issue Jan 31, 2025
…dWarnOptionUnicode` (GH-126118) (#129520)

gh-126108: Fix potential null pointer dereference in `PySys_AddWarnOptionUnicode` (GH-126118)
(cherry picked from commit fad36bf)

Co-authored-by: Valery Fedorenko <federicovalenso@gmail.com>
srinivasreddy pushed a commit to srinivasreddy/cpython that referenced this issue Feb 7, 2025
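
The check-order problem reported in this issue, as an added C model that is not part of the thread and not CPython source. The structs, function names and the `null_uses` counter are hypothetical stand-ins; the counter marks the point where real code would read through a NULL `tstate` instead of crashing the demo.

```c
#include <stddef.h>

/* Simplified stand-ins for CPython's thread state; all names are hypothetical. */
struct interp { int warnoptions; };
struct tstate { struct interp *interp; int error_set; };
static int null_uses;   /* points where real code would read through NULL */

/* Models the deepest callee in the reported chain: it reads ts->interp. */
static struct interp *get_interp(struct tstate *ts) {
    if (ts == NULL) {            /* instrumentation only: real code crashes here */
        null_uses++;
        return NULL;
    }
    return ts->interp;
}

/* Models _PySys_AddWarnOptionWithError: -1 and an error flag on failure. */
static int add_option_with_error(struct tstate *ts, int option) {
    struct interp *in = get_interp(ts);
    if (in == NULL || option < 0) {
        if (ts) ts->error_set = 1;
        return -1;
    }
    in->warnoptions++;
    return 0;
}

/* Shape described in the report: tstate is used first, compared to NULL later. */
static void add_option_check_after_use(struct tstate *ts, int option) {
    if (add_option_with_error(ts, option) < 0) {
        if (ts) ts->error_set = 0;   /* too late: the callee already used ts */
    }
}

/* Shape proposed in the report: the NULL test short-circuits the call. */
static void add_option_check_before_use(struct tstate *ts, int option) {
    if (ts && add_option_with_error(ts, option) < 0) {
        ts->error_set = 0;
    }
}

int main(void) {
    struct interp in = {0};
    struct tstate ts = {&in, 0};
    add_option_check_after_use(NULL, 1);    /* reaches the callee with NULL */
    add_option_check_before_use(NULL, 1);   /* never calls the callee */
    add_option_check_before_use(&ts, 1);
    return (null_uses == 1 && in.warnoptions == 1) ? 0 : 1;
}
```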