[Python-Dev] CALL_FUNCTION_EX arg and stack_effect
Hi, I have a question about the use of CALL_FUNCTION_EX in https://github.com/python/cpython/blob/master/Python/compile.c#L3624. Looking at the code it appears that the argument will be either 1 or 0 depending on whether or not the function is taking keywords arguments (which means that CALL_FUNCTION_EX cannot be used on function taking no argument). Executing that opcode will remove from the stack the function code, the positional arguments (packed in a tuple) and the potential keyword arguments packed in a dict and push the return value. So the stack effect will be either -1 or -2 (could be 0 if the possibility to pass 0 arguments existed). Looking at the stack effect computation (https://github.com/python/cpython/blob/master/Python/compile.c#L1047), it appears that the stack effect will be 0 if the argument is 0, -1 for either 1 or 2, and -2 for 3. Which means that the code generated at https://github.com/python/cpython/blob/master/Python/compile.c#L3624 can never allow to compute the right stack effect using the stack_effect function (as it will return either 0 or -1 instead of -1 and -2) I would say that this is a bug and that the oparg should be 1 + 2 if keywords arguments are present at line 3624. I am not sure what consequence this can have on CPython but it means the bytecode becomes weird as a the stack looks like it can grow during a list comprehension (calling a function f using * syntax) : BUILD_LIST 0 1 LOAD_FAST .0 1 FOR_ITER 22 1 ---> after each jump it looks like the stack is higher by one STORE_FAST i -1 LOAD_GLOBAL f 1 LOAD_DEREF a 1 LOAD_FAST i 1 BINARY_SUBSCR None -1 CALL_FUNCTION_EX 0 0 LIST_APPEND 2 -1 JUMP_ABSOLUTE 4 0 RETURN_VALUE None -1 What do you think ? Should I open an issue on https://bugs.python.org/ ? Best regards Matthieu ___ Python-Dev mailing list [email protected] https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
[Python-Dev] IMPORTANT: Python 3.6.1 Maintenance Release Release Candidate in 7 days (2017-02-27)
It seems like last year already since the release of 3.6.0. I guess that's because it was last year, 2016-12-22 to be exact! Now we're approaching the end of the first quarter and, according to PEP 494, it's time to start producing the first maintenance release for the 3.6 series. The schedule calls for the release candidate to be produced on Monday 2017-02-27 UTC. As was the case with the 3.6.0 release cycle, the plan is for the release candidate to be the same as the final release, that is, no additional changes go in after the release candidate except for any showstopper critical problems that might be discovered with rc1. So please plan to get any security fixes, bug fixes, and documentation changes you think should be in 3.6.1 merged in before 2017-02-27. I will send out another reminder a couple of days before. The 3.6.1 final is planned for two weeks following rc1, that is, on 2017-03-13. I expect the next 3.6 maintenance release (3.6.2) will follow about 3 months later , so most likely in 2017-06 after PyCon US. 3.6.1 will be the first release using our new GitHub-based development process (thanks, Brett and team!). If you are planning to push something for 3.6.1 and haven't yet tried out the new workflow or are not yet familiar with GitHub pull requests, you should probably give yourself some extra time. As always, the Developer's Guide is the primary reference for the development workflow; not surprisingly, with such a major change, there are likely still some parts of the guide that could use further changes and clarifications. You can help by reviewing the devguide's open issues and pull requests in its repository and adding to them as you work through issues. If you have comments on or improvement suggestions for the new workflow, the place to discuss them is on the core-workflow mailing list. Thanks again for all of your efforts in bringing 3.6.0 into the world and for helping now to make it even better! https://www.python.org/dev/peps/pep-0494/ http://cpython-devguide.readthedocs.io https://mail.python.org/mailman/listinfo/core-workflow -- Ned Deily [email protected] -- [] ___ Python-Dev mailing list [email protected] https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
[Python-Dev] Python FTP Injections Allow for Firewall Bypass (oss-security advisory)
Hello, I have just noticed that an FTP injection advisory has been made public on the oss-security list. The author says that he an exploit exists but it won't be published until the code is patched You may be already aware, but it would be good to understand what is the position of the core developers about this. The advisory is linked below (with some excerpts in this message): http://blog.blindspotsecurity.com/2017/02/advisory-javapython-ftp-injections.html Protocol injection flaws like this have been an area of research of mine for the past few couple of years and as it turns out, this FTP protocol injection allows one to fool a victim's firewall into allowing TCP connections from the Internet to the vulnerable host's system on any "high" port (1024-65535). A nearly identical vulnerability exists in Python's urllib2 and urllib libraries. In the case of Java, this attack can be carried out against desktop users even if those desktop users do not have the Java browser plugin enabled. As of 2017-02-20, the vulnerabilities discussed here have not been patched by the associated vendors, despite advance warning and ample time to do so. [...] Python's built-in URL fetching library (urllib2 in Python 2 and urllib in Python 3) is vulnerable to a nearly identical protocol stream injection, but this injection appears to be limited to attacks via directory names specified in the URL. [...] The Python security team was notified in January 2016. Information provided included an outline of the possibility of FTP/firewall attacks. Despite repeated follow-ups, there has been no apparent action on their part. Best regards, -- Stefano P.S. I am posting from gmane, I hope that this is OK. ___ Python-Dev mailing list [email protected] https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] CALL_FUNCTION_EX arg and stack_effect
Hi Matthieu, On 20 February 2017 at 19:44, Matthieu Dartiailh wrote: > What do you think ? Should I open an issue on https://bugs.python.org/ ? Possibly related: http://bugs.python.org/issue24340 A bientôt, Armin. ___ Python-Dev mailing list [email protected] https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
