Skip to content

Assertion failure from StringIO.__setstate__ #127182

New issue
New issue
Closed
Closed
Assertion failure from StringIO.__setstate__#127182
Assignees
sobolevn
Labels
3.13bugs and security fixes3.14bugs and security fixesextension-modulesC modules in the Modules dirtype-crashA hard crash of the interpreter, possibly with a core dump
@devdanzin

Description

@devdanzin
devdanzin
opened on Nov 23, 2024

Crash report

What happened?

It's possible to abort the interpreter by calling StringIO.__setstate__ with a non-string initial_value:

python -c "from io import StringIO; StringIO().__setstate__((None, '', 0, {}))"
python: Objects/unicodeobject.c:2542: as_ucs4: Assertion `PyUnicode_Check(string)' failed.
Aborted (core dumped)

Interestingly, on a non-debug build passing an int as initial_value gives an error message saying that None should be a valid value:

python -c "from io import StringIO; StringIO().__setstate__((1, '', 0, {}))"
Traceback (most recent call last):
  File "<string>", line 1, in <module>
    from io import StringIO; StringIO().__setstate__((1, '', 0, {}))
                             ~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^
TypeError: initial_value must be str or None, not int

Found using fusil by @vstinner.

CPython versions tested on:

3.13, 3.14, CPython main branch

Operating systems tested on:

Linux

Output from running 'python -VV' on the command line:

Python 3.14.0a2+ (heads/main:0af4ec3, Nov 20 2024, 21:45:19) [GCC 13.2.0]

Linked PRs

Metadata

Metadata

Assignees

Labels

3.13bugs and security fixes3.14bugs and security fixesextension-modulesC modules in the Modules dirtype-crashA hard crash of the interpreter, possibly with a core dump

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions