Skip to content

Use of uninitialized pointer in Argument Clinic generated code #97728

New issue
New issue
Closed
Closed
Use of uninitialized pointer in Argument Clinic generated code#97728
Labels
3.10only security fixes3.11only security fixes3.12only security fixesOS-windowstopic-argument-clinictype-bugAn unexpected behavior, bug, or errortype-crashA hard crash of the interpreter, possibly with a core dump
@serhiy-storchaka

Description

@serhiy-storchaka
serhiy-storchaka
opened on Oct 2, 2022
Member

The code generated for the Py_UNICODE converter (and derived converter LPCWSTR) looks like:

const Py_UNICODE *name;
...
if (!_PyArg_ParseXXX(..., name, ...)) {
    goto exit;
}
...
exit:
    PyMem_Free((void *)name);

If parsing fails, PyMem_Free() is called for uninitialized variable.

It is the only converter with non-trivial cleanup which does not have a mandatory initializer.

Activity

serhiy-storchaka
added
type-bugAn unexpected behavior, bug, or error
needs backport to 3.10only security fixes
type-crashA hard crash of the interpreter, possibly with a core dump
topic-argument-clinic
needs backport to 3.11only security fixes
OS-windows
on Oct 2, 2022
serhiy-storchaka

serhiy-storchaka commented on Oct 2, 2022

@serhiy-storchaka
serhiy-storchaka
on Oct 2, 2022
MemberAuthor

Seems that for now it only affects the Windows code.

I have found this bug when tried to use Argument Clinic for OS agnostic code which converts arguments to wchar_t * (in getpath.c).

serhiy-storchaka
added a commit that references this issue on Oct 2, 2022

pythongh-97728: Argument Clinic: Fix uninitialized variable in the Py…

96a7768
bedevere-bot
mentioned this on Oct 2, 2022
eryksun

eryksun commented on Oct 2, 2022

@eryksun
eryksun
on Oct 2, 2022
Contributor

These needs to be fixed if _winapi.CreateJunction() is used as a fallback for os.symlink() when creating a compatibility link such as "bin -> Scripts". More here: #97586 (comment).

kumaraditya303
added
3.11only security fixes
3.10only security fixes
3.12only security fixes
and removed
needs backport to 3.10only security fixes
needs backport to 3.11only security fixes
on Oct 2, 2022
serhiy-storchaka
added a commit that references this issue on Oct 3, 2022

gh-97728: Argument Clinic: Fix uninitialized variable in the Py_UNICO…

0ee9619
bedevere-bot
mentioned this on Oct 3, 2022
serhiy-storchaka
added 2 commits that reference this issue on Oct 3, 2022

[3.11] pythongh-97728: Argument Clinic: Fix uninitialized variable in…

3ca612d

[3.11] gh-97728: Argument Clinic: Fix uninitialized variable in the P…

f07ee41
bedevere-bot
mentioned this on Oct 3, 2022
serhiy-storchaka
added 2 commits that reference this issue on Oct 3, 2022

[3.10] pythongh-97728: Argument Clinic: Fix uninitialized variable in…

e02ce34

[3.10] gh-97728: Argument Clinic: Fix uninitialized variable in the P…

769b9dc
carljm
added a commit that references this issue on Oct 3, 2022

Merge branch 'main' into dictwatch

e83abac
kumaraditya303

kumaraditya303 commented on Oct 16, 2022

@kumaraditya303
kumaraditya303
on Oct 16, 2022
Contributor

Fixed by #97729

kumaraditya303
closed this as completedon Oct 16, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    3.10only security fixes3.11only security fixes3.12only security fixesOS-windowstopic-argument-clinictype-bugAn unexpected behavior, bug, or errortype-crashA hard crash of the interpreter, possibly with a core dump

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @eryksun@serhiy-storchaka@kumaraditya303

        Issue actions
          Use of uninitialized pointer in Argument Clinic generated code · Issue #97728 · python/cpython