Skip to content

gh-139146: Check calloc() results in test_pre_initialization_sys_options #139147

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 29, 2025
Merged

gh-139146: Check calloc() results in test_pre_initialization_sys_options #139147

merged 1 commit into from
Sep 29, 2025

Conversation

zeff-ir
Copy link
Contributor

@zeff-ir zeff-ir commented Sep 19, 2025
edited by picnixz
Loading

In test_pre_initialization_sys_options() (Programs/_testembed.c),
the results of calloc() were not checked before passing the pointers
to wcsncpy(). On allocation failure (OOM), this could lead to a NULL dereference.

This patch adds NULL checks for both allocations and frees already allocated
memory before returning on error.

skip news

@bedevere-app bedevere-app bot added awaiting review tests Tests in the Lib/test dir labels Sep 19, 2025
@bedevere-app bedevere-app bot mentioned this pull request Sep 19, 2025
Closed
picnixz
picnixz reviewed Sep 19, 2025
View reviewed changes
@zeff-ir zeff-ir force-pushed the fix-deref-of-null-testembed branch from b4619e8 to 3be06fb Compare September 19, 2025 11:33
@zeff-ir
Copy link
Contributor Author

zeff-ir commented Sep 22, 2025

@picnixz Thanks for the review. I’ve pushed the updated version.

@zeff-ir zeff-ir requested a review from picnixz September 26, 2025 06:59
picnixz
picnixz reviewed Sep 29, 2025
View reviewed changes
@zeff-ir
pythongh-139146: Check calloc() results in test_pre_initialization_sy…
4e88014 
…s_options

Reported by: Dmitrii Chuprov [email protected]
Signed-off-by: Denis Sergeev <[email protected]>
@zeff-ir zeff-ir force-pushed the fix-deref-of-null-testembed branch from 34262eb to 4e88014 Compare September 29, 2025 10:10
@zeff-ir zeff-ir requested a review from picnixz September 29, 2025 10:12
@picnixz picnixz added needs backport to 3.14 bugs and security fixes needs backport to 3.13 bugs and security fixes labels Sep 29, 2025
@picnixz picnixz enabled auto-merge (squash) September 29, 2025 10:27
@picnixz picnixz merged commit 9c6a1f8 into python:main Sep 29, 2025
51 checks passed
@miss-islington-app
Copy link

Thanks @zeff-ir for the PR, and @picnixz for merging it 🌮🎉.. I'm working now to backport this PR to: 3.13, 3.14.
🐍🍒⛏🤖

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Sep 29, 2025
@zeff-ir @miss-islington
pythongh-139146: Check calloc() results in `_testembed.c::test_pre_…
17caaac 
…initialization_sys_options` (pythonGH-139147)

(cherry picked from commit 9c6a1f8)

Co-authored-by: Denis Sergeev <[email protected]>
Reported by: Dmitrii Chuprov <[email protected]>
Signed-off-by: Denis Sergeev <[email protected]>
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Sep 29, 2025
@zeff-ir @miss-islington
pythongh-139146: Check calloc() results in `_testembed.c::test_pre_…
cd6b724 
…initialization_sys_options` (pythonGH-139147)

(cherry picked from commit 9c6a1f8)

Co-authored-by: Denis Sergeev <[email protected]>
Reported by: Dmitrii Chuprov <[email protected]>
Signed-off-by: Denis Sergeev <[email protected]>
@bedevere-app
Copy link

bedevere-app bot commented Sep 29, 2025

GH-139413 is a backport of this pull request to the 3.14 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.14 bugs and security fixes label Sep 29, 2025
@bedevere-app
Copy link

bedevere-app bot commented Sep 29, 2025

GH-139414 is a backport of this pull request to the 3.13 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.13 bugs and security fixes label Sep 29, 2025
picnixz pushed a commit that referenced this pull request Sep 29, 2025
@miss-islington @zeff-ir
[3.13] gh-139146: Check calloc() results in `_testembed.c::test_pre…
6260b6a 
…_initialization_sys_options` (GH-139147) (#139414)

gh-139146: Check `calloc()` results in `_testembed.c::test_pre_initialization_sys_options` (GH-139147)
(cherry picked from commit 9c6a1f8)


Reported by: Dmitrii Chuprov <[email protected]>

Signed-off-by: Denis Sergeev <[email protected]>
Co-authored-by: Denis Sergeev <[email protected]>
@bedevere-bot
Copy link

⚠️⚠️⚠️ Buildbot failure ⚠️⚠️⚠️

Hi! The buildbot ARM64 MacOS M1 NoGIL 3.13 (tier-2) has failed when building commit 6260b6a.

What do you need to do:

  1. Don't panic.
  2. Check the buildbot page in the devguide if you don't know what the buildbots are or how they work.
  3. Go to the page of the buildbot that failed (https://buildbot.python.org/#/builders/1408/builds/1495) and take a look at the build logs.
  4. Check if the failure is related to this commit (6260b6a) or if it is a false positive.
  5. If the failure is related to this commit, please, reflect that on the issue and make a new Pull Request with a fix.

You can take a look at the buildbot page here:

https://buildbot.python.org/#/builders/1408/builds/1495

Failed tests:

  • test.test_multiprocessing_spawn.test_processes

Failed subtests:

  • test_repr_rlock - test.test_multiprocessing_spawn.test_processes.WithProcessesTestLock.test_repr_rlock

Summary of the results of the build (if available):

==

Click to see traceback logs 
Traceback (most recent call last):
  File "/Users/buildbot/buildarea/3.13.itamaro-macos-arm64-aws.macos-with-brew.nogil/build/Lib/test/_test_multiprocessing.py", line 1492, in test_repr_rlock
    self.assertEqual('<RLock(SomeOtherThread, nonzero)>', repr(lock))
    ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
AssertionError: '<RLock(SomeOtherThread, nonzero)>' != '<RLock(None, 0)>'
- <RLock(SomeOtherThread, nonzero)>
+ <RLock(None, 0)>

@bedevere-bot
Copy link

⚠️⚠️⚠️ Buildbot failure ⚠️⚠️⚠️

Hi! The buildbot AMD64 Windows Server 2022 NoGIL 3.13 (tier-1) has failed when building commit 6260b6a.

What do you need to do:

  1. Don't panic.
  2. Check the buildbot page in the devguide if you don't know what the buildbots are or how they work.
  3. Go to the page of the buildbot that failed (https://buildbot.python.org/#/builders/1488/builds/1597) and take a look at the build logs.
  4. Check if the failure is related to this commit (6260b6a) or if it is a false positive.
  5. If the failure is related to this commit, please, reflect that on the issue and make a new Pull Request with a fix.

You can take a look at the buildbot page here:

https://buildbot.python.org/#/builders/1488/builds/1597

Failed tests:

  • test_launcher

Failed subtests:

  • test_search_major_3 - test.test_launcher.TestLauncher.test_search_major_3
  • test_literal_shebang_command - test.test_launcher.TestLauncher.test_literal_shebang_command
  • test_search_path_exe - test.test_launcher.TestLauncher.test_search_path_exe
  • test_search_path - test.test_launcher.TestLauncher.test_search_path
  • test_search_major_2 - test.test_launcher.TestLauncher.test_search_major_2
  • test_shebang_command_in_venv - test.test_launcher.TestLauncher.test_shebang_command_in_venv
  • tearDownClass - test.test_launcher.TestLauncher
  • test_virtualenv_with_env - test.test_launcher.TestLauncher.test_virtualenv_with_env
  • test_py3_default - test.test_launcher.TestLauncher.test_py3_default

Summary of the results of the build (if available):

==

Click to see traceback logs 
Traceback (most recent call last):
  File "C:\Users\Administrator\buildarea\3.13.itamaro-win64-srv-22-aws.x64.nogil\build\Lib\test\test_launcher.py", line 662, in test_search_path
    data = self.run_py(
        [script, "-postarg"],
        env={"PATH": f"{exe.parent};{os.getenv('PATH')}"},
    )
  File "C:\Users\Administrator\buildarea\3.13.itamaro-win64-srv-22-aws.x64.nogil\build\Lib\test\test_launcher.py", line 254, in run_py
    self.assertEqual(expect_returncode, p.returncode)
    ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
AssertionError: 0 != 103


Traceback (most recent call last):
  File "C:\Users\Administrator\buildarea\3.13.itamaro-win64-srv-22-aws.x64.nogil\build\Lib\test\test_launcher.py", line 787, in test_shebang_command_in_venv
    data = self.run_py([script], env=env)
  File "C:\Users\Administrator\buildarea\3.13.itamaro-win64-srv-22-aws.x64.nogil\build\Lib\test\test_launcher.py", line 254, in run_py
    self.assertEqual(expect_returncode, p.returncode)
    ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
AssertionError: 0 != 103


Traceback (most recent call last):
  File "C:\Users\Administrator\buildarea\3.13.itamaro-win64-srv-22-aws.x64.nogil\build\Lib\test\test_launcher.py", line 465, in test_search_major_2
    self.assertEqual("PythonCore", data["env.company"])
    ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
AssertionError: 'PythonCore' != 'PythonTestSuite'
- PythonCore
+ PythonTestSuite


Traceback (most recent call last):
  File "C:\Users\Administrator\buildarea\3.13.itamaro-win64-srv-22-aws.x64.nogil\build\Lib\test\test_launcher.py", line 309, in tearDownClass
    delete_registry_data(key, TEST_DATA)
    ~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^
  File "C:\Users\Administrator\buildarea\3.13.itamaro-win64-srv-22-aws.x64.nogil\build\Lib\test\test_launcher.py", line 129, in delete_registry_data
    with winreg.OpenKey(root, key, access=ACCESS) as hkey:
         ~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^
FileNotFoundError: [WinError 2] The system cannot find the file specified


Traceback (most recent call last):
  File "C:\Users\Administrator\buildarea\3.13.itamaro-win64-srv-22-aws.x64.nogil\build\Lib\test\test_launcher.py", line 676, in test_search_path_exe
    data = self.run_py(
        [script, "-postarg"],
        env={"PATH": f"{exe.parent};{os.getenv('PATH')}"},
    )
  File "C:\Users\Administrator\buildarea\3.13.itamaro-win64-srv-22-aws.x64.nogil\build\Lib\test\test_launcher.py", line 254, in run_py
    self.assertEqual(expect_returncode, p.returncode)
    ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
AssertionError: 0 != 103


Traceback (most recent call last):
  File "C:\Users\Administrator\buildarea\3.13.itamaro-win64-srv-22-aws.x64.nogil\build\Lib\test\test_launcher.py", line 485, in test_py3_default
    self.assertEqual("PythonTestSuite", data["SearchInfo.company"])
    ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
AssertionError: 'PythonTestSuite' != '(null)'
- PythonTestSuite
+ (null)


Traceback (most recent call last):
  File "C:\Users\Administrator\buildarea\3.13.itamaro-win64-srv-22-aws.x64.nogil\build\Lib\test\test_launcher.py", line 751, in test_literal_shebang_command
    self.assertEqual(
    ~~~~~~~~~~~~~~~~^
        f"TEST_EXE.exe arg1 {quote(script)}",
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        data["stdout"].strip(),
        ^^^^^^^^^^^^^^^^^^^^^^^
    )
    ^
AssertionError: 'TEST_EXE.exe arg1 C:\\Users\\Administrato[98 chars]5.py' != 'C:\\Users\\Administrator\\buildarea\\3.13[209 chars]5.py'
- TEST_EXE.exe arg1 C:\Users\Administrator\buildarea\3.13.itamaro-win64-srv-22-aws.x64.nogil\build\build\test_python_6604�\tmpe45tdnn5.py
+ C:\Users\Administrator\buildarea\3.13.itamaro-win64-srv-22-aws.x64.nogil\build\build\test_python_6604�\test-command arg1 C:\Users\Administrator\buildarea\3.13.itamaro-win64-srv-22-aws.x64.nogil\build\build\test_python_6604�\tmpe45tdnn5.py


Traceback (most recent call last):
  File "C:\Users\Administrator\buildarea\3.13.itamaro-win64-srv-22-aws.x64.nogil\build\Lib\test\test_launcher.py", line 445, in test_search_major_3
    self.assertEqual("PythonCore", data["env.company"])
    ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
AssertionError: 'PythonCore' != 'PythonTestSuite'
- PythonCore
+ PythonTestSuite


Traceback (most recent call last):
  File "C:\Users\Administrator\buildarea\3.13.itamaro-win64-srv-22-aws.x64.nogil\build\Lib\test\test_launcher.py", line 552, in test_virtualenv_with_env
    data2 = self.run_py(["-V:PythonTestSuite/3"], env={**env, "PY_PYTHON": "PythonTestSuite/3"})
  File "C:\Users\Administrator\buildarea\3.13.itamaro-win64-srv-22-aws.x64.nogil\build\Lib\test\test_launcher.py", line 254, in run_py
    self.assertEqual(expect_returncode, p.returncode)
    ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
AssertionError: 0 != 103

@picnixz
Copy link
Member

picnixz commented Sep 29, 2025

This is an unrelated failure. Don't worry.

@zeff-ir
Copy link
Contributor Author

zeff-ir commented Sep 29, 2025

Got it, thanks!

@bedevere-bot
Copy link

⚠️⚠️⚠️ Buildbot failure ⚠️⚠️⚠️

Hi! The buildbot x86-64 MacOS Intel ASAN NoGIL 3.x (tier-2) has failed when building commit 9c6a1f8.

What do you need to do:

  1. Don't panic.
  2. Check the buildbot page in the devguide if you don't know what the buildbots are or how they work.
  3. Go to the page of the buildbot that failed (https://buildbot.python.org/#/builders/1366/builds/5126) and take a look at the build logs.
  4. Check if the failure is related to this commit (9c6a1f8) or if it is a false positive.
  5. If the failure is related to this commit, please, reflect that on the issue and make a new Pull Request with a fix.

You can take a look at the buildbot page here:

https://buildbot.python.org/#/builders/1366/builds/5126

Failed tests:

  • test_tracemalloc
  • test_socket

Failed subtests:

  • test_dual_stack_client_v4 - test.test_socket.CreateServerFunctionalTest.test_dual_stack_client_v4

Summary of the results of the build (if available):

==

Click to see traceback logs 
Traceback (most recent call last):
  File "/Users/buildbot/buildarea/3.x.itamaro-macos-intel-aws.macos-with-brew.asan.nogil/build/Lib/test/test_socket.py", line 7405, in test_dual_stack_client_v4
    with socket.create_server(("", port), family=socket.AF_INET6,
         ~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
                              dualstack_ipv6=True) as sock:
                              ^^^^^^^^^^^^^^^^^^^^
  File "/Users/buildbot/buildarea/3.x.itamaro-macos-intel-aws.macos-with-brew.asan.nogil/build/Lib/socket.py", line 964, in create_server
    raise error(err.errno, msg) from None
OSError: [Errno 48] Address already in use (while attempting to bind on address ('', 59696))

hugovk pushed a commit that referenced this pull request Sep 29, 2025
@miss-islington @zeff-ir
[3.14] gh-139146: Check calloc() results in `_testembed.c::test_pre…
146a37b 
…_initialization_sys_options` (GH-139147) (#139413)

Co-authored-by: Denis Sergeev <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@picnixz picnixz picnixz approved these changes

Assignees
No one assigned
Labels
skip news tests Tests in the Lib/test dir
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@zeff-ir @bedevere-bot @picnixz