Skip to content

gh-126108: Fix potential null pointer dereference in PySys_AddWarnOptionUnicode #126118

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 12 commits into from
Jan 31, 2025
Merged

gh-126108: Fix potential null pointer dereference in PySys_AddWarnOptionUnicode #126118

merged 12 commits into from
Jan 31, 2025
+5 −3

Conversation

federicovalenso
Copy link
Contributor

@federicovalenso federicovalenso commented Oct 29, 2024
edited by bedevere-app bot
Loading

@ghost
Copy link

ghost commented Oct 29, 2024
edited by ghost
Loading

All commit authors signed the Contributor License Agreement.
CLA signed

@bedevere-app
Copy link

bedevere-app bot commented Oct 29, 2024

Most changes to Python require a NEWS entry. Add one using the blurb_it web app or the blurb command-line tool.

If this change has little impact on Python users, wait for a maintainer to apply the skip news label instead.

@bedevere-app bedevere-app bot mentioned this pull request Oct 29, 2024
Closed
federicovalenso and others added 6 commits October 29, 2024 16:01
@federicovalenso @picnixz
Update Misc/NEWS.d/next/Security/2024-10-29-09-15-10.gh-issue-126108.…
0fb17bc 
…eTIjHY.rst

Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
@federicovalenso
add assert
6c22e44
@federicovalenso
Merge branch 'bug/potential-null-pointer-dereference-in-PySys_AddWarn…
6cd01fd 
…OptionUnicode' of github.com:federicovalenso/cpython into bug/potential-null-pointer-dereference-in-PySys_AddWarnOptionUnicode
@federicovalenso
fix spaces
a969026
@federicovalenso
fix unbalanced literal markup
1667599
@federicovalenso
fix backticks
9323183
tomasr8
tomasr8 reviewed Oct 29, 2024
View reviewed changes
@federicovalenso @tomasr8
Update Python/sysmodule.c
5cd8e30 
Co-authored-by: Tomas R. <tomas.roun8@gmail.com>
@ZeroIntensity
Copy link
Member

Typically, the convention in the C API is to fully disallow calling without the GIL, via _Py_EnsureTstateNotNULL. But I'm happy with this if there's a real use case for calling PySys_AddWarnOptionUnicode without it.

@picnixz picnixz added needs backport to 3.12 only security fixes needs backport to 3.13 bugs and security fixes labels Oct 29, 2024
picnixz
picnixz reviewed Oct 30, 2024
View reviewed changes
Copy link
Member

@picnixz picnixz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM (conditioned to a question) cc @sobolevn

Python/sysmodule.c
if (tstate) {
_PyErr_Clear(tstate);
}
_PyErr_Clear(tstate);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I assume that there's no way to make tstate NULL in _PySys_AddWarnOptionWithError.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree, assert is the way to go here. We should not call these functions in places where tstate can be NULL (while interpreter startup / shutdown).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it actually make sense to have _PyErr_Clear do this automatically?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, in that case, I would like PySys_AddWarnOptionUnicode to fail with a fatal error if called without the GIL. No-oping because of a null thread state isn't common at all in the C API.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should I do some other changes or leave as is?

Copy link
Member

@picnixz picnixz Oct 31, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we also do it in _PySys_AddWarnOptionWithError? WDYT @ZeroIntensity?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think assert(tstate != NULL) is fine for the private API.

ZeroIntensity
ZeroIntensity requested changes Oct 30, 2024
View reviewed changes
Copy link
Member

@ZeroIntensity ZeroIntensity left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Two main changes here (my suggestions address both):

  • Functions in the C API shouldn't no-op if called without the GIL. Instead, we typically use _Py_EnsureTstateNotNULL to send a fatal error.
  • This function can clear the error state, so any prior exceptions are lost. It's a good idea to make sure that callers aren't doing that on debug builds.

federicovalenso and others added 2 commits October 31, 2024 09:36
@federicovalenso @ZeroIntensity
Apply suggession for Python/sysmodule.c
67b9de2 
Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
@federicovalenso @ZeroIntensity
Apply suggession for Python/sysmodule.c
7d0754f 
Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
sobolevn
sobolevn approved these changes Oct 31, 2024
View reviewed changes
Copy link
Member

@sobolevn sobolevn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@picnixz picnixz requested a review from ZeroIntensity October 31, 2024 12:05
ZeroIntensity
ZeroIntensity approved these changes Oct 31, 2024
View reviewed changes
Copy link
Member

@ZeroIntensity ZeroIntensity left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

@federicovalenso
Copy link
Contributor Author

@ericsnowcurrently, please review the code :)

@ericsnowcurrently ericsnowcurrently removed their request for review November 19, 2024 20:13
@federicovalenso
Copy link
Contributor Author

@picnixz , can we merge this PR? Changes approved by all reviewers.

@picnixz picnixz mentioned this pull request Jan 12, 2025
Closed
@kumaraditya303 kumaraditya303 merged commit fad36bf into python:main Jan 31, 2025
43 checks passed
@miss-islington-app
Copy link

Thanks @federicovalenso for the PR, and @kumaraditya303 for merging it 🌮🎉.. I'm working now to backport this PR to: 3.12, 3.13.
🐍🍒⛏🤖

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Jan 31, 2025
@federicovalenso @miss-islington
pythongh-126108: Fix potential null pointer dereference in `PySys_Add…
1e36f67 
…WarnOptionUnicode` (pythonGH-126118)

(cherry picked from commit fad36bf)

Co-authored-by: Valery Fedorenko <federicovalenso@gmail.com>
@bedevere-app
Copy link

bedevere-app bot commented Jan 31, 2025

GH-129520 is a backport of this pull request to the 3.13 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.13 bugs and security fixes label Jan 31, 2025
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Jan 31, 2025
@federicovalenso @miss-islington
pythongh-126108: Fix potential null pointer dereference in `PySys_Add…
99704de 
…WarnOptionUnicode` (pythonGH-126118)

(cherry picked from commit fad36bf)

Co-authored-by: Valery Fedorenko <federicovalenso@gmail.com>
@bedevere-app
Copy link

bedevere-app bot commented Jan 31, 2025

GH-129522 is a backport of this pull request to the 3.12 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.12 only security fixes label Jan 31, 2025
@miss-islington-app
Copy link

Sorry @federicovalenso and @kumaraditya303, I had trouble completing the backport.
Please retry by removing and re-adding the "needs backport to 3.12" label.
Please backport backport using cherry_picker on the command line.

cherry_picker fad36bf38248130bc48b81a5e7c31a7649a6456e 3.12

kumaraditya303 pushed a commit that referenced this pull request Jan 31, 2025
@miss-islington @federicovalenso
[3.12] gh-126108: Fix potential null pointer dereference in `PySys_Ad…
40d7f74 
…dWarnOptionUnicode` (GH-126118) (#129522)

gh-126108: Fix potential null pointer dereference in `PySys_AddWarnOptionUnicode` (GH-126118)
(cherry picked from commit fad36bf)

Co-authored-by: Valery Fedorenko <federicovalenso@gmail.com>
kumaraditya303 pushed a commit that referenced this pull request Jan 31, 2025
@miss-islington @federicovalenso
[3.13] gh-126108: Fix potential null pointer dereference in `PySys_Ad…
0468ea1 
…dWarnOptionUnicode` (GH-126118) (#129520)

gh-126108: Fix potential null pointer dereference in `PySys_AddWarnOptionUnicode` (GH-126118)
(cherry picked from commit fad36bf)

Co-authored-by: Valery Fedorenko <federicovalenso@gmail.com>
srinivasreddy pushed a commit to srinivasreddy/cpython that referenced this pull request Feb 7, 2025
@federicovalenso @srinivasreddy
pythongh-126108: Fix potential null pointer dereference in `PySys_Add…
584c90b 
…WarnOptionUnicode` (python#126118)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tomasr8 tomasr8 tomasr8 left review comments

@ZeroIntensity ZeroIntensity ZeroIntensity approved these changes

@kumaraditya303 kumaraditya303 kumaraditya303 left review comments

@StanFromIreland StanFromIreland StanFromIreland left review comments

@sobolevn sobolevn sobolevn approved these changes

@picnixz picnixz picnixz approved these changes

Assignees

@kumaraditya303 kumaraditya303

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@federicovalenso @ZeroIntensity @sobolevn @tomasr8 @picnixz @kumaraditya303 @StanFromIreland