New submission from Larry Hastings:

Python 3.3 added a nice new feature: if you don't supply enough positional 
parameters to a function, it tells you the names of the positional parameters 
you omitted.

Unfortunately, the code that prints this error message assumes that the 
function is well-formed.  If I manually create a function using types.CodeType 
and types.FunctionType, and I don't provide enough entries in the 
types.CodeType "varnames" parameter to satisfy all the positional parameters, 
and I call the resulting function with insufficient parameters, Python crashes.

I've attached a sample script that demonstrates this crash.  I can reproduce it 
with both 3.3.0 and a recent trunk.  Since this feature wasn't in 3.2 or 
before, the bug doesn't seem to exist in those versions; I couldn't reproduce 
with 3.2 or 2.7.

The crash occurs in missing_arguments() in Python/ceval.c, line 3256 in trunk.  
The function calls PyTuple_GET_ITEM on the co_varnames tuple without checking 
that it has sufficient entries.  It gets a crazytown pointer, calls 
PyObject_Repr on it, and boom.

I've attached a band-aid patch which prevents the crash, but this is almost 
certainly not the fix we want.  Perhaps types.CodeType should refuse to 
generate the malformed code object in the first place?

----------
components: Interpreter Core
files: crashy.py
keywords: 3.3regression
messages: 181936
nosy: larry
priority: normal
severity: normal
stage: needs patch
status: open
title: Python segfaults from improperly formed and called function
type: crash
versions: Python 3.3, Python 3.4
Added file: http://bugs.python.org/file29043/crashy.py

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue17187>
_______________________________________
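
The report asks whether types.CodeType should refuse a code object whose "varnames" is too short for its parameters. The following is an added sketch of that consistency check in Python; it is not taken from crashy.py or the attached patch, and the function names (required_varnames, check_code_fields, check_code_object) are hypothetical. It works on plain field values, so no malformed code object is ever built or called.

```python
import inspect

def required_varnames(argcount, kwonlyargcount, flags):
    """Number of leading co_varnames slots that hold parameter names."""
    need = argcount + kwonlyargcount
    if flags & inspect.CO_VARARGS:       # *args takes one slot
        need += 1
    if flags & inspect.CO_VARKEYWORDS:   # **kwargs takes one slot
        need += 1
    return need

def check_code_fields(argcount, kwonlyargcount, nlocals, flags, varnames):
    """Return a list of inconsistencies; an empty list means the fields agree."""
    problems = []
    if min(argcount, kwonlyargcount, nlocals) < 0:
        problems.append("negative count")
    if not isinstance(varnames, tuple) or \
            not all(isinstance(v, str) for v in varnames):
        problems.append("varnames must be a tuple of str")
        return problems
    need = required_varnames(argcount, kwonlyargcount, flags)
    if len(varnames) < need:
        # The condition from the report: an error path that names missing
        # parameters would index past the end of the tuple.
        problems.append("varnames has %d entries, parameters need %d"
                        % (len(varnames), need))
    if nlocals < need:
        problems.append("nlocals %d is smaller than parameter count %d"
                        % (nlocals, need))
    return problems

def check_code_object(code):
    """Apply the same check to an existing code object."""
    return check_code_fields(code.co_argcount, code.co_kwonlyargcount,
                             code.co_nlocals, code.co_flags, code.co_varnames)

def sample(a, b, *args, c, **kw):        # well-formed reference function
    local = a + b
    return local

# Constructed field values describing the malformed case: two positional
# parameters declared, only one name supplied.
MALFORMED = dict(argcount=2, kwonlyargcount=0, nlocals=2, flags=0,
                 varnames=("a",))

if __name__ == "__main__":
    print(check_code_object(sample.__code__))
    print(check_code_fields(**MALFORMED))
```
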