Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SystemError/Assertion failure when processing struct with '0p' field #124248

Closed
brianschubert opened this issue Sep 19, 2024 · 1 comment · Fixed by #124251
Closed

SystemError/Assertion failure when processing struct with '0p' field #124248

brianschubert opened this issue Sep 19, 2024 · 1 comment · Fixed by #124251
Labels
extension-modules C modules in the Modules dir type-crash A hard crash of the interpreter, possibly with a core dump

Comments

@brianschubert
Copy link
Contributor

brianschubert commented Sep 19, 2024
edited by bedevere-app bot
Loading

Crash report

What happened?

Using struct to process zero-width Pascal strings ("0p") can lead to an assertion failure or SystemError.

Specifically:

  • struct.pack("<0p", b"") leads to an assertion failure and seg fault on debug builds (tested with current main and 3.13 tip)
  • struct.unpack("<0p", b"") raises an unexpected SystemError (tested with current main, 3.13 tip, non-debug builds of 3.8-3.12)

On current main (8f82d9aa219):

$ make clean && ./configure --with-pydebug && make -j
$ ./python -VV
Python 3.14.0a0 (heads/main:8f82d9aa219, Sep 19 2024, 11:08:04) [GCC 11.4.0]


$ ./python -c 'import struct; struct.unpack("<0p", b"")'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
    import struct; struct.unpack("<0p", b"")
                   ~~~~~~~~~~~~~^^^^^^^^^^^^
SystemError: Negative size passed to PyBytes_FromStringAndSize


$ ./python -c 'import struct; struct.pack("<0p", b"")'
python: ./Modules/_struct.c:1991: s_pack_internal: Assertion `_Py_STATIC_CAST(Py_ssize_t, _Py_STATIC_CAST(unsigned char, (n))) == (n)' failed.
[1]    186971 IOT instruction (core dumped)  ./python -c 'import struct; struct.pack("<0p", b"")'

The same behavior is reproducible on the current 3.13 tip (112b1704fa6), and likely previous versions.

PR forthcoming.

CPython versions tested on:

CPython main branch

Operating systems tested on:

Linux

Output from running 'python -VV' on the command line:

Python 3.14.0a0 (heads/main:8f82d9aa219, Sep 19 2024, 11:08:04) [GCC 11.4.0]

Linked PRs
@brianschubert brianschubert added the type-crash A hard crash of the interpreter, possibly with a core dump label Sep 19, 2024
@ZeroIntensity ZeroIntensity added the extension-modules C modules in the Modules dir label Sep 19, 2024
@brianschubert brianschubert mentioned this issue Sep 19, 2024
Merged
vstinner pushed a commit that referenced this issue Sep 20, 2024
@brianschubert
gh-124248: Fix crash in struct when processing 0p fields (#124251)
63f1960
miss-islington pushed a commit to miss-islington/cpython that referenced this issue Sep 20, 2024
@brianschubert @miss-islington
pythongh-124248: Fix crash in struct when processing 0p fields (pytho…
462ee75 
…nGH-124251)

(cherry picked from commit 63f1960)

Co-authored-by: Brian Schubert <brianm.schubert@gmail.com>
@bedevere-app bedevere-app bot mentioned this issue Sep 20, 2024
Merged
miss-islington pushed a commit to miss-islington/cpython that referenced this issue Sep 20, 2024
@brianschubert @miss-islington
pythongh-124248: Fix crash in struct when processing 0p fields (pytho…
db4279d 
…nGH-124251)

(cherry picked from commit 63f1960)

Co-authored-by: Brian Schubert <brianm.schubert@gmail.com>
@bedevere-app bedevere-app bot mentioned this issue Sep 20, 2024
Merged
@vstinner
Copy link
Member

Fixed by change 63f1960.

vstinner pushed a commit that referenced this issue Sep 20, 2024
@miss-islington @brianschubert
[3.12] gh-124248: Fix crash in struct when processing 0p fields (GH-1…
6644cd2 
…24251) (#124278)

gh-124248: Fix crash in struct when processing 0p fields (GH-124251)
(cherry picked from commit 63f1960)

Co-authored-by: Brian Schubert <brianm.schubert@gmail.com>
savannahostrowski pushed a commit to savannahostrowski/cpython that referenced this issue Sep 22, 2024
@brianschubert @savannahostrowski
pythongh-124248: Fix crash in struct when processing 0p fields (pytho…
532d345 
…n#124251)
savannahostrowski pushed a commit to savannahostrowski/cpython that referenced this issue Sep 22, 2024
@brianschubert @savannahostrowski
pythongh-124248: Fix crash in struct when processing 0p fields (pytho…
b07293a 
…n#124251)
Yhg1s pushed a commit that referenced this issue Sep 30, 2024
@miss-islington @brianschubert
[3.13] gh-124248: Fix crash in struct when processing 0p fields (GH-1…
dddae66 
…24251) (#124277)

gh-124248: Fix crash in struct when processing 0p fields (GH-124251)
(cherry picked from commit 63f1960)

Co-authored-by: Brian Schubert <brianm.schubert@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
extension-modules C modules in the Modules dir type-crash A hard crash of the interpreter, possibly with a core dump
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

gh-124248: Fix crash in struct when processing 0p fields brianschubert/cpython
3 participants
@vstinner @brianschubert @ZeroIntensity