PyArmored code crashes stochastically on hash calculation for `frame.f_code`

[himkt]

I prepared the simple Python script to get a frame object and try to calculate a hash of f_core.

import sys
from pathlib import Path

# note; pyarmor_segv is simple python module only with pathlib to raise exception.
# https://github.com/himkt/pyarmor-hash-segv/blob/main/src/pyarmor_segv/__init__.py
from pyarmor_segv import func  # pyright: ignore[reportMissingImports]

try:
    func(Path('empty'))
except ValueError:
    # Get the obfuscated function's frame
    tb = sys.exc_info()[2].tb_next  # type: ignore
    frame = tb.tb_frame  # type: ignore
    code = frame.f_code
    print(f"frame.f_code: {code}")
    print(f"co_name: {code.co_name}")
    print(f"Computing hash(frame.f_code)...: {hash(code)}")
    print("Success")

I repeatedly generated the obfuscated module and ran the script (replicate.sh, you can see the script in https://github.com/himkt/pyarmor-hash-segv) to get segmentation faults stochastically.

> ./replicate.sh 
Trial  1: frame.f_code: <code object func at 0x7776cf78c370, file "<frozen pyarmor_segv>", line 5>
co_name: func
Computing hash(frame.f_code)...: -3915728441605713561
Success
Normal ✓
Trial  2: frame.f_code: <code object func at 0x7251b5ec8370, file "<frozen pyarmor_segv>", line 5>
co_name: func
SEGFAULT ✗
Trial  3: frame.f_code: <code object func at 0x764dbfd10370, file "<frozen pyarmor_segv>", line 5>
co_name: func
SEGFAULT ✗
Trial  4: frame.f_code: <code object func at 0x733c5db98370, file "<frozen pyarmor_segv>", line 5>
co_name: func
Computing hash(frame.f_code)...: -1940020248159428493
Success
Normal ✓
Trial  5: frame.f_code: <code object func at 0x7b56701c8370, file "<frozen pyarmor_segv>", line 5>
co_name: func
SEGFAULT ✗
Trial  6: frame.f_code: <code object func at 0x7b871eb74370, file "<frozen pyarmor_segv>", line 5>
co_name: func
Computing hash(frame.f_code)...: -5207489521542538451
Success
Normal ✓
Trial  7: frame.f_code: <code object func at 0x7f8314848370, file "<frozen pyarmor_segv>", line 5>
co_name: func
SEGFAULT ✗
Trial  8: frame.f_code: <code object func at 0x735fb1d6c370, file "<frozen pyarmor_segv>", line 5>
co_name: func
SEGFAULT ✗
Trial  9: frame.f_code: <code object func at 0x74676b578370, file "<frozen pyarmor_segv>", line 5>
co_name: func
SEGFAULT ✗
Trial 10: frame.f_code: <code object func at 0x72a01b358370, file "<frozen pyarmor_segv>", line 5>
co_name: func
SEGFAULT ✗

---

In IPython scenario (I think it is related to #2293):

1. IPython exception handler calls get_records() in ultratb.py
2. Calls stack_data.FrameInfo.stack_data(etb, ...) in ultratb.py
3. stack_data/core.py calls Source.executing(frame_or_tb)
4. executing/executing.py creates dict key: key = (frame.f_code, id(code), lasti)
5. executing_cache.get(key) triggers hash(key) → hash(frame.f_code)
6. PyArmor-corrupted frame.f_code causes SEGFAULT when hashed

• https://github.com/ipython/ipython/blob/9.9.0/IPython/core/ultratb.py#L859
• https://github.com/alexmojaki/stack_data/blob/v0.6.3/stack_data/core.py#L551
• https://github.com/alexmojaki/executing/blob/v2.2.1/executing/executing.py#L217-L221

[himkt]

Created a repository to make it easy to replicate: https://github.com/himkt/pyarmor-hash-segv.

[jondy]

Thanks. I have reproduced it in Python 3.13, and I'll check it next week.

But my suggestion is to try Pyarmor 9 features like VMC or ECC scripts for this case, please refer to Pyarmor 9 docs here
https://pyarmor.eke.org.cn

Because the scripts generated by pyarmor gen will touch f_code, it may results in some unexpected issues in Python 3.13+, that is to say, it may not be fixed (i'm not sure now)

[himkt]

Oh I see, thank you for guiding me, I'll try! And I see, https://pyarmor.eke.org.cn/archive/v9/docs/en/ is different from https://pyarmor.readthedocs.io/en/latest/index.html. The former document explains VMC and ECC while the latter document only mentions that they are introduced.

How about changing the link on the repository introduction as well? I just noticed you modified README.md to refer to the new website while this link is not.

If it's intended, please ignore (and sorry). I understand several links still point to the old? documentation such as FAQ in Getting Help intentionally.

[jondy]

"https://pyarmor.eke.org.cn/" will be the final entry site for all the doc, but now it's still developing.

[jondy]

After checking Python 3.13 source code, if frame->f_code->co_code is obfuscated, it may be crashed when calculating its hash.

The final solution for this case is to use Pyarmor 9 new fetures: VMC or ECC scripts.

[himkt]

Thank you for your effort of investigation! Then I think adding notes for this in the documentation would be helpful for users using py313 or later. 🙏

In my understanding, it is OK not to close the issue. Let me keep as is.