python / cpython

The Python programming language
https://www.python.org

`_interpreters.exec` with invalid dict as `shared` segfaults #127196

Open devdanzin opened 22 hours ago

devdanzin commented 22 hours ago

Crash report

What happened?

Passing a dict with an invalid key as the `shared` parameter to `_interpreters.exec` segfaults the interpreter (or aborts in a debug build):

```python
import _interpreters
_interpreters.exec(0, "1", {"\uFD7C\u5124\u7B91\u92E9\u1850\u39AA\u0DF2\uD82A\u2D68\uACAD\u92DE\u47C5\uFFD0\uDE0B\uAA9C\u2C17\\u6577\u4C92\uD37C": 0})
```

Backtrace:

```
#0  0x00005555557c496c in _PyXI_ApplyError (error=0x0) at Python/crossinterp.c:1056
#1  0x00007ffff79db822 in _run_in_interpreter (p_excinfo=0x7fffffffd820, flags=1,
    shareables=0x7ffff7a186c0, codestrlen=<optimized out>, codestr=0x555555aceff8 <_PyRuntime+76888> "1",
    interp=0x555555ad1f18 <_PyRuntime+88952>) at ./Modules/_interpretersmodule.c:463
#2  _interp_exec (interp=interp@entry=0x555555ad1f18 <_PyRuntime+88952>, code_arg=<optimized out>,
    shared_arg=0x7ffff7a186c0, p_excinfo=p_excinfo@entry=0x7fffffffd820, self=<optimized out>)
    at ./Modules/_interpretersmodule.c:955
#3  0x00007ffff79db9b0 in interp_exec (self=<optimized out>, args=<optimized out>, kwds=<optimized out>)
    at ./Modules/_interpretersmodule.c:1000
#4  0x00005555556abb43 in cfunction_call (func=0x7ffff7a6d9e0, args=<optimized out>,
    kwargs=<optimized out>) at Objects/methodobject.c:551
#5  0x0000555555643350 in _PyObject_MakeTpCall (tstate=0x555555b08c10 <_PyRuntime+313456>,
    callable=callable@entry=0x7ffff7a6d9e0, args=args@entry=0x7ffff7fb0080, nargs=<optimized out>,
    keywords=keywords@entry=0x0) at Objects/call.c:242
#6  0x0000555555643c76 in _PyObject_VectorcallTstate (kwnames=0x0, nargsf=<optimized out>,
    args=0x7ffff7fb0080, callable=0x7ffff7a6d9e0, tstate=<optimized out>)
    at ./Include/internal/pycore_call.h:165
#7  0x00005555555d8e75 in _PyEval_EvalFrameDefault (tstate=0x555555b08c10 <_PyRuntime+313456>,
    frame=0x7ffff7fb0020, throwflag=<optimized out>) at Python/generated_cases.c.h:955
#8  0x00005555557a559c in _PyEval_EvalFrame (throwflag=0, frame=0x7ffff7fb0020,
    tstate=0x555555b08c10 <_PyRuntime+313456>) at ./Include/internal/pycore_ceval.h:116
#9  _PyEval_Vector (args=0x0, argcount=0, kwnames=0x0, locals=0x7ffff7a18680, func=0x7ffff7a033d0,
    tstate=0x555555b08c10 <_PyRuntime+313456>) at Python/ceval.c:1898
#10 PyEval_EvalCode (co=co@entry=0x7ffff7a32230, globals=globals@entry=0x7ffff7a18680,
    locals=locals@entry=0x7ffff7a18680) at Python/ceval.c:659
```

The abort message is:

```
python: ./Modules/_interpretersmodule.c:462: _run_in_interpreter: Assertion `!PyErr_Occurred()' failed.
Aborted
```

Related to https://github.com/python/cpython/issues/126654. Found using fusil by @vstinner.

CPython versions tested on:

3.13, 3.14, CPython main branch

Operating systems tested on:

Linux

Output from running 'python -VV' on the command line:

Python 3.14.0a2+ (heads/main:3c770e3f097, Nov 22 2024, 09:48:39) [GCC 11.4.0]

ZeroIntensity commented 20 hours ago

I think we just need to fix the assumption that `_PyXI_Enter` always successfully switches to the interpreter. I'll leave the patch to @sobolevn :)
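A harness for checking this report without taking down the calling process, as an added example that is not part of the thread or of CPython: it runs a snippet in a child interpreter and reports whether the child exited cleanly, raised an exception, or died on a signal (the report describes a segfault in a release build and an assertion abort in a debug build). `classify` and `run_isolated` are hypothetical helper names; `REPRO` is the reproducer as posted above; POSIX signal semantics are assumed.

```python
import signal
import subprocess
import sys

# Reproducer copied from the report (the dict key contains lone surrogates).
REPRO = r'''import _interpreters
_interpreters.exec(0, "1", {"\uFD7C\u5124\u7B91\u92E9\u1850\u39AA\u0DF2\uD82A\u2D68\uACAD\u92DE\u47C5\uFFD0\uDE0B\uAA9C\u2C17\\u6577\u4C92\uD37C": 0})
'''


def classify(returncode):
    """Map a child's exit status to 'ok', 'exception' or 'crash (SIGNAME)'."""
    if returncode == 0:
        return "ok"
    if returncode < 0:  # POSIX: the child was killed by signal -returncode
        try:
            name = signal.Signals(-returncode).name
        except ValueError:
            name = f"signal {-returncode}"
        return f"crash ({name})"
    # Non-zero exit without a signal: the interpreter shut down normally,
    # e.g. after printing a traceback for an uncaught exception.
    return "exception"


def run_isolated(snippet, timeout=30):
    """Run snippet in a fresh interpreter; return (verdict, stderr)."""
    proc = subprocess.run(
        # faulthandler dumps the Python-level stack on SIGSEGV/SIGABRT
        # before the signal terminates the child.
        [sys.executable, "-X", "faulthandler", "-c", snippet],
        capture_output=True,
        encoding="utf-8",
        errors="replace",
        timeout=timeout,
    )
    return classify(proc.returncode), proc.stderr


if __name__ == "__main__":
    verdict, stderr = run_isolated(REPRO)
    print(verdict)
    print(stderr[-2000:])
```

On an interpreter without the `_interpreters` module the reproducer stops at the import and the verdict is `exception`, so check the stderr text before reading that verdict as a fix.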