New submission from Sebastian Hagen <sh_pyb...@memespace.net>: Various functions in the 'posix' module that take filename arguments accept bytearray values for those arguments, and mishandle those objects in a way that leads to segfaults.
Python 3.1 (r31:73572, Jul 23 2009, 23:41:26) [GCC 4.3.3] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import os >>> os.mkdir(bytearray(b'/')) Segmentation fault There's at least two seperate problems with the way posixmodule handles these objects. The first is that the code isn't set up to handle NULL retvals from PyByteArray_AS_STRING(), which occur for zero-byte bytearray objects. This causes a NULL-pointer dereference in PyUnicode_FSConverter() if you pass a zero-length bytearray. The second issue is that release_bytes() calls bytearray_releasebuffer() with NULL for the first argument, which directly leads to a NULL-pointer dereference. I'm attaching a patch against SVN 77001 which should fix both of these issues. ---------- components: Library (Lib) files: posixmodule_fn_bytearray_fix_01.patch keywords: patch messages: 96795 nosy: sh severity: normal status: open title: Filename-taking functions in posix segfault when called with a bytearray arg. type: crash versions: Python 3.1, Python 3.2 Added file: http://bugs.python.org/file15660/posixmodule_fn_bytearray_fix_01.patch _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue7561> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
