bpo-37138: fix undefined behaviour with memcpy() on NULL array by jdemeyer · Pull Request #13867 · python/cpython

jdemeyer · 2019-06-06T16:00:49Z

https://bugs.python.org/issue37138

mangrisano · 2019-06-06T17:20:33Z

@vstinner Would you be able to review this fix, please? Thanks a lot. :)

mangrisano · 2019-06-06T17:21:26Z

In any case, I think should be added a test.

gpshead · 2019-06-06T18:10:27Z

I'm not sure an explicit test for this is really needed. (nice to have though)

From the bug, this code path was called all the time with the relevant 0 / null based on the undefined behavior sanitizer buildbot output (though I never bothered trying to trace what codepath's triggered it). So this case is covered by something. I'm just not sure explicitly how.

If you feel you can add a test that triggers this specific code path, go for it.

also, i've added the skip news label as this isn't really worth mentioning in news. its an internal only bugfix for a behavior in beta1 that shouldn't be tripping anyone up in reality.

gpshead

Approving, the code change makes sense. I'm not clicking merge for now in case @jdemeyer wants to add an explicit test. I'll leave that up to Jeroen.

jdemeyer · 2019-06-07T08:20:45Z

It occurs for example every time that _PyObject_CallNoArg() is used on a method object. There are plenty of code paths where this happens. To name just one: the implementation of with obj: calls obj.__enter__() (which is typically a method) this way.

jdemeyer · 2019-06-07T09:10:37Z

In fact, there is already an explicit test in test_fastcall in Lib/test/test_call.py

vstinner · 2019-06-07T14:37:24Z

In fact, there is already an explicit test in test_fastcall in Lib/test/test_call.py

Yep:

                if not args:
                    # args=NULL, nargs=0
                    result = _testcapi.pyobject_fastcall(func, None)
                    self.check_result(result, expected)

I wrote it because this code path caused troubles in the past ;-)

vstinner · 2019-06-07T14:38:00Z

Objects/classobject.c

        /* use borrowed references */
        newargs[0] = self;
-        memcpy(newargs + 1, args, totalargs * sizeof(PyObject *));
+        if (totalargs) { /* bpo-37138: if totalargs == 0, then args may be


I don't think that the comment is required.

@gpshead: what do you think?

I wrote the comment because the reason for that if (totalargs) is totally not obvious. It's an obscure point in the C standard that I was unaware of. I think that there are plenty of developers that do not know that memcpy(dst, NULL, 0) is undefined behaviour.

I'm in favor of such comments. :)

gpshead · 2019-06-07T18:01:13Z

Objects/classobject.c

        /* use borrowed references */
        newargs[0] = self;
-        memcpy(newargs + 1, args, totalargs * sizeof(PyObject *));
+        if (totalargs) { /* bpo-37138: if totalargs == 0, then args may be


I'm in favor of such comments. :)

miss-islington · 2019-06-07T18:01:56Z

Thanks @jdemeyer for the PR, and @gpshead for merging it 🌮🎉.. I'm working now to backport this PR to: 3.8.
🐍🍒⛏🤖

…nGH-13867) (cherry picked from commit 1f95317) Co-authored-by: Jeroen Demeyer <J.Demeyer@UGent.be>

bedevere-bot · 2019-06-07T18:02:08Z

GH-13900 is a backport of this pull request to the 3.8 branch.

) (cherry picked from commit 1f95317) Co-authored-by: Jeroen Demeyer <J.Demeyer@UGent.be>

…nGH-13867)

bpo-37138: fix undefined behaviour with memcpy() on NULL array

ea433e3

the-knights-who-say-ni added the CLA signed label Jun 6, 2019

bedevere-bot added the awaiting review label Jun 6, 2019

gpshead added the needs backport to 3.8 label Jun 6, 2019

gpshead added skip news type-bug An unexpected behavior, bug, or error labels Jun 6, 2019

gpshead approved these changes Jun 6, 2019

View reviewed changes

bedevere-bot added awaiting merge and removed awaiting review labels Jun 6, 2019

vstinner reviewed Jun 7, 2019

View reviewed changes

gpshead approved these changes Jun 7, 2019

View reviewed changes

gpshead merged commit 1f95317 into python:master Jun 7, 2019

bedevere-bot removed the awaiting merge label Jun 7, 2019

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Jun 7, 2019

bpo-37138: fix undefined behaviour with memcpy() on NULL array (pytho…

67dcb7e

…nGH-13867) (cherry picked from commit 1f95317) Co-authored-by: Jeroen Demeyer <J.Demeyer@UGent.be>

bedevere-bot removed the needs backport to 3.8 label Jun 7, 2019

miss-islington added a commit that referenced this pull request Jun 7, 2019

bpo-37138: fix undefined behaviour with memcpy() on NULL array (GH-13867

6e05307

) (cherry picked from commit 1f95317) Co-authored-by: Jeroen Demeyer <J.Demeyer@UGent.be>

DinoV pushed a commit to DinoV/cpython that referenced this pull request Jan 14, 2020

bpo-37138: fix undefined behaviour with memcpy() on NULL array (pytho…

0259383

…nGH-13867)

Uh oh!

Conversation

jdemeyer commented Jun 6, 2019 • edited by bedevere-bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

mangrisano commented Jun 6, 2019

Uh oh!

mangrisano commented Jun 6, 2019

Uh oh!

gpshead commented Jun 6, 2019

Uh oh!

gpshead left a comment

Choose a reason for hiding this comment

Uh oh!

jdemeyer commented Jun 7, 2019

Uh oh!

jdemeyer commented Jun 7, 2019

Uh oh!

vstinner commented Jun 7, 2019

Uh oh!

vstinner Jun 7, 2019

Choose a reason for hiding this comment

Uh oh!

jdemeyer Jun 7, 2019

Choose a reason for hiding this comment

Uh oh!

gpshead Jun 7, 2019

Choose a reason for hiding this comment

Uh oh!

gpshead Jun 7, 2019

Choose a reason for hiding this comment

Uh oh!

miss-islington commented Jun 7, 2019

Uh oh!

bedevere-bot commented Jun 7, 2019

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

7 participants

jdemeyer commented Jun 6, 2019 •

edited by bedevere-bot

Loading