Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bpo-36819: Fix crashes in built-in encoders with weird error handlers #28593

Merged
merged 7 commits into from May 2, 2022
Merged

bpo-36819: Fix crashes in built-in encoders with weird error handlers #28593

merged 7 commits into from May 2, 2022
+222 −32

Conversation

serhiy-storchaka
Copy link
Member

@serhiy-storchaka serhiy-storchaka commented Sep 28, 2021
edited

If the error handler returns position less or equal than the starting
position of non-encodable characters, most of built-in encoders didn't
properly re-size the output buffer. This led to out-of-bounds writes,
and segfaults.

https://bugs.python.org/issue36819

#81000

@serhiy-storchaka
bpo-36819: Fix crashes in built-in encoders with weird error handlers
1a49d15 
If the error handler returns position less or equal than the starting
position of non-encodable characters, most of built-in encoders didn't
properly re-size the output buffer. This led to out-of-bounds writes,
and segfaults.
@serhiy-storchaka serhiy-storchaka mentioned this pull request Sep 28, 2021
Closed
@serhiy-storchaka
Copy link
Member Author

serhiy-storchaka commented Sep 28, 2021

I need to add more tests for exceptions raised when an error handler returns invalid result, and analyze decoders.

vstinner
vstinner reviewed Sep 29, 2021
View changes
Copy link
Member

@vstinner vstinner left a comment

Honestly, I'm not sure that it's worth it to handle this weird case: https://bugs.python.org/issue36819#msg402826

@serhiy-storchaka
Copy link
Member Author

serhiy-storchaka commented Sep 29, 2021

There are existing tests for position out of range (even negative values). They just are not harsh enough to cause a crash.

The code needs to be changed even if we restrict returned values for error handlers.

@serhiy-storchaka serhiy-storchaka marked this pull request as ready for review Oct 15, 2021
@serhiy-storchaka serhiy-storchaka requested a review from malemburg Oct 15, 2021
@serhiy-storchaka
Copy link
Member Author

serhiy-storchaka commented Oct 15, 2021

I have added more tests and it is now ready for review.

@serhiy-storchaka serhiy-storchaka merged commit 18b07d7 into python:main May 2, 2022
13 checks passed
@miss-islington
Copy link
Contributor

miss-islington commented May 2, 2022

Thanks @serhiy-storchaka for the PR 🌮🎉.. I'm working now to backport this PR to: 3.9, 3.10.
🐍🍒🤖 I'm not a witch! I'm not a witch!

@serhiy-storchaka serhiy-storchaka deleted the codecs-error-handler-pos branch May 2, 2022
@bedevere-bot
Copy link

bedevere-bot commented May 2, 2022

GH-92136 is a backport of this pull request to the 3.10 branch.

@bedevere-bot
Copy link

bedevere-bot commented May 2, 2022

GH-92137 is a backport of this pull request to the 3.9 branch.

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request May 2, 2022
@serhiy-storchaka @miss-islington
bpo-36819: Fix crashes in built-in encoders with weird error handlers (
523de39 
…pythonGH-28593)

If the error handler returns position less or equal than the starting
position of non-encodable characters, most of built-in encoders didn't
properly re-size the output buffer. This led to out-of-bounds writes,
and segfaults.
(cherry picked from commit 18b07d7)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
miss-islington added a commit that referenced this pull request May 2, 2022
@miss-islington @serhiy-storchaka
bpo-36819: Fix crashes in built-in encoders with weird error handlers (
d985c8e 
…GH-28593)

If the error handler returns position less or equal than the starting
position of non-encodable characters, most of built-in encoders didn't
properly re-size the output buffer. This led to out-of-bounds writes,
and segfaults.
(cherry picked from commit 18b07d7)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
miss-islington added a commit that referenced this pull request May 2, 2022
@miss-islington @serhiy-storchaka
bpo-36819: Fix crashes in built-in encoders with weird error handlers (
206f416 
…GH-28593)

If the error handler returns position less or equal than the starting
position of non-encodable characters, most of built-in encoders didn't
properly re-size the output buffer. This led to out-of-bounds writes,
and segfaults.
(cherry picked from commit 18b07d7)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
@ATalaba ATalaba mannequin mentioned this pull request Apr 10, 2022
Closed
hello-adam pushed a commit to hello-adam/cpython that referenced this pull request Jun 2, 2022
@miss-islington @serhiy-storchaka @hello-adam
bpo-36819: Fix crashes in built-in encoders with weird error handlers (
c110568 
…pythonGH-28593)

If the error handler returns position less or equal than the starting
position of non-encodable characters, most of built-in encoders didn't
properly re-size the output buffer. This led to out-of-bounds writes,
and segfaults.
(cherry picked from commit 18b07d7)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vstinner vstinner

@malemburg malemburg

Assignees
No one assigned
Labels
type-bug An unexpected behavior, bug, or error
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@serhiy-storchaka @miss-islington @bedevere-bot @vstinner @the-knights-who-say-ni