Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bpo-36819: Fix crashes in built-in encoders with weird error handlers #28593

Merged
merged 7 commits into from
May 2, 2022
Merged

bpo-36819: Fix crashes in built-in encoders with weird error handlers #28593

merged 7 commits into from
May 2, 2022

Conversation

serhiy-storchaka
Copy link
Member

@serhiy-storchaka serhiy-storchaka commented Sep 28, 2021
edited
Loading

If the error handler returns position less or equal than the starting
position of non-encodable characters, most of built-in encoders didn't
properly re-size the output buffer. This led to out-of-bounds writes,
and segfaults.

https://bugs.python.org/issue36819

#81000

@serhiy-storchaka
bpo-36819: Fix crashes in built-in encoders with weird error handlers
1a49d15 
If the error handler returns position less or equal than the starting
position of non-encodable characters, most of built-in encoders didn't
properly re-size the output buffer. This led to out-of-bounds writes,
and segfaults.
@serhiy-storchaka serhiy-storchaka added type-bug An unexpected behavior, bug, or error needs backport to 3.9 only security fixes needs backport to 3.10 only security fixes labels Sep 28, 2021
@serhiy-storchaka serhiy-storchaka mentioned this pull request Sep 28, 2021
Closed
@serhiy-storchaka
Copy link
Member Author

I need to add more tests for exceptions raised when an error handler returns invalid result, and analyze decoders.

vstinner
vstinner reviewed Sep 29, 2021
View reviewed changes
Copy link
Member

@vstinner vstinner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Honestly, I'm not sure that it's worth it to handle this weird case: https://bugs.python.org/issue36819#msg402826

@serhiy-storchaka
Copy link
Member Author

There are existing tests for position out of range (even negative values). They just are not harsh enough to cause a crash.

The code needs to be changed even if we restrict returned values for error handlers.

@serhiy-storchaka serhiy-storchaka marked this pull request as ready for review October 15, 2021 16:50
@serhiy-storchaka
Copy link
Member Author

I have added more tests and it is now ready for review.

@serhiy-storchaka serhiy-storchaka merged commit 18b07d7 into python:main May 2, 2022
@miss-islington
Copy link
Contributor

Thanks @serhiy-storchaka for the PR 🌮🎉.. I'm working now to backport this PR to: 3.9, 3.10.
🐍🍒⛏🤖 I'm not a witch! I'm not a witch!

@serhiy-storchaka serhiy-storchaka deleted the codecs-error-handler-pos branch May 2, 2022 09:37
@bedevere-bot bedevere-bot removed the needs backport to 3.10 only security fixes label May 2, 2022
@bedevere-bot
Copy link

GH-92136 is a backport of this pull request to the 3.10 branch.

@bedevere-bot bedevere-bot removed the needs backport to 3.9 only security fixes label May 2, 2022
@bedevere-bot
Copy link

GH-92137 is a backport of this pull request to the 3.9 branch.

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request May 2, 2022
@serhiy-storchaka @miss-islington
bpo-36819: Fix crashes in built-in encoders with weird error handlers (
523de39 
…pythonGH-28593)

If the error handler returns position less or equal than the starting
position of non-encodable characters, most of built-in encoders didn't
properly re-size the output buffer. This led to out-of-bounds writes,
and segfaults.
(cherry picked from commit 18b07d7)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
miss-islington added a commit that referenced this pull request May 2, 2022
@miss-islington @serhiy-storchaka
bpo-36819: Fix crashes in built-in encoders with weird error handlers (
d985c8e 
…GH-28593)

If the error handler returns position less or equal than the starting
position of non-encodable characters, most of built-in encoders didn't
properly re-size the output buffer. This led to out-of-bounds writes,
and segfaults.
(cherry picked from commit 18b07d7)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
miss-islington added a commit that referenced this pull request May 2, 2022
@miss-islington @serhiy-storchaka
bpo-36819: Fix crashes in built-in encoders with weird error handlers (
206f416 
…GH-28593)

If the error handler returns position less or equal than the starting
position of non-encodable characters, most of built-in encoders didn't
properly re-size the output buffer. This led to out-of-bounds writes,
and segfaults.
(cherry picked from commit 18b07d7)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
@ATalaba ATalaba mannequin mentioned this pull request Apr 10, 2022
Closed
hello-adam pushed a commit to hello-adam/cpython that referenced this pull request Jun 2, 2022
@miss-islington @serhiy-storchaka @hello-adam
bpo-36819: Fix crashes in built-in encoders with weird error handlers (
c110568 
…pythonGH-28593)

If the error handler returns position less or equal than the starting
position of non-encodable characters, most of built-in encoders didn't
properly re-size the output buffer. This led to out-of-bounds writes,
and segfaults.
(cherry picked from commit 18b07d7)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vstinner vstinner vstinner left review comments

@malemburg malemburg Awaiting requested review from malemburg

Assignees
No one assigned
Labels
type-bug An unexpected behavior, bug, or error
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@serhiy-storchaka @miss-islington @bedevere-bot @vstinner @the-knights-who-say-ni