Skip to content

Lack of error handling in posix.stat implementation leads to crash on interrupt #102890

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
chgnrdv opened this issue Mar 21, 2023 · 1 comment
Closed

Lack of error handling in posix.stat implementation leads to crash on interrupt #102890

chgnrdv opened this issue Mar 21, 2023 · 1 comment
Labels
extension-modules C modules in the Modules dir type-crash A hard crash of the interpreter, possibly with a core dump

Comments

@chgnrdv
Copy link
Contributor

chgnrdv commented Mar 21, 2023
edited by bedevere-bot
Loading

_pystat_fromstructstat function doesn't check that calls to _pystat_l128_from_l64_l64 or fill_time didn't fail and/or exception wasn't set on current tstate, so subsequent calls to fill_time can lead to crash. I can't find less complicated reproducer yet, since it may require some exotic and perhaps nonexistent data to be passed to posix.stat.
Reproduced on current main (76350e8), platform is linux (x86_64).

import posix
import random
import threading
import _thread
import time

def crasher_thread():
    time.sleep(0.000001 * random.randint(1, 30))
    _thread.interrupt_main()

def try_crash():
    try:
        ct = threading.Thread(target=crasher_thread)
        ct.start()
        posix.stat(__file__)  # filename of any existing file
        ct.join()
    except KeyboardInterrupt:
        pass

for i in range(1000):
    try_crash()

Output:

Fatal Python error: _Py_CheckSlotResult: Slot * of type int succeeded with an exception set
Python runtime state: initialized
KeyboardInterrupt

Current thread 0x00007f1a12016740 (most recent call first):
  File "/home/.../repro.py", line 15 in try_crash
  File "/home/.../repro.py", line 21 in <module>
Aborted (core dumped)

I'll submit a PR with possible fix.

Linked PRs
@chgnrdv chgnrdv added the type-crash A hard crash of the interpreter, possibly with a core dump label Mar 21, 2023
@chgnrdv chgnrdv mentioned this issue Mar 21, 2023
Closed
@arhadthedev arhadthedev added the extension-modules C modules in the Modules dir label Mar 22, 2023
@chgnrdv chgnrdv mentioned this issue Sep 20, 2023
Closed
@vstinner
Copy link
Member

I close this issue as a duplicate of issue #109613.

@vstinner vstinner mentioned this issue Sep 20, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
extension-modules C modules in the Modules dir type-crash A hard crash of the interpreter, possibly with a core dump
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

gh-102890: Fix error handling in posix.stat implementation
3 participants
@vstinner @arhadthedev @chgnrdv