PyErr_SetFromErrno() etc should be called immediately after setting the error code #107913
Assignees
Labels
3.11
only security fixes
3.12
bugs and security fixes
3.13
bugs and security fixes
interpreter-core
(Objects, Python, Grammar, and Parser dirs)
type-bug
An unexpected behavior, bug, or error
Comments
serhiy-storchaka
added
type-bug
serhiy-storchaka
added a commit
to serhiy-storchaka/cpython
that referenced
this issue
Aug 14, 2023
Functions like PyErr_SetFromErrno() and SetFromWindowsErr() should be called immediately after using the C API which sets errno or the Windows error code.
serhiy-storchaka
added a commit
to serhiy-storchaka/cpython
that referenced
this issue
Aug 14, 2023
Functions like PyErr_SetFromErrno() and SetFromWindowsErr() should be called immediately after using the C API which sets errno or the Windows error code.
serhiy-storchaka
added a commit
that referenced
this issue
Aug 26, 2023
Functions like PyErr_SetFromErrno() and SetFromWindowsErr() should be called immediately after using the C API which sets errno or the Windows error code.
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this issue
Aug 26, 2023
…-107930) Functions like PyErr_SetFromErrno() and SetFromWindowsErr() should be called immediately after using the C API which sets errno or the Windows error code. (cherry picked from commit 2b15536) Co-authored-by: Serhiy Storchaka <[email protected]>
serhiy-storchaka
added a commit
to serhiy-storchaka/cpython
that referenced
this issue
Aug 26, 2023
…ythonGH-107930) Functions like PyErr_SetFromErrno() and SetFromWindowsErr() should be called immediately after using the C API which sets errno or the Windows error code.. (cherry picked from commit 2b15536) Co-authored-by: Serhiy Storchaka <[email protected]>
Yhg1s
pushed a commit
that referenced
this issue
Aug 26, 2023
…) (#108523) gh-107913: Fix possible losses of OSError error codes (GH-107930) Functions like PyErr_SetFromErrno() and SetFromWindowsErr() should be called immediately after using the C API which sets errno or the Windows error code. (cherry picked from commit 2b15536) Co-authored-by: Serhiy Storchaka <[email protected]>
serhiy-storchaka
added a commit
that referenced
this issue
Aug 27, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Functions like
PyErr_SetFromErrno()rely on global variableerrno(actually it is thread local, but it does not matter here). They should be called immediately after using a functions which seterrno. Calling other function (likeclose()) can change the value oferrno.Py_DECREF()andPyBuffer_Release()can execute arbitrary code, in particularly the code which changes the value oferrno. EvenPyMem_Free()is not safe, because it the memory allocator can be customized.There is the same issue with
SetFromWindowsErr()and friends. If pass 0 as Windows error code, it callsGetLastError()to retrieve the global value which can be changed at that time if some functions were called beforeSetFromWindowsErr().Most uses in the code are correct, but there are several sites in the code where some cleanup code is inserted between function which sets the error code and function which consumes it.
Two ways to resolve this issue:
Reorganize the code so that
PyErr_SetFromErrno()andSetFromWindowsErr()are called immediately after function which sets the error code (not counting simple memory reads or writes). In some cases it may require duplicating the cleanup code (usually just one line).Save the error code to a local variable before executing the intermediate code and restore it after.
Linked PRs
The text was updated successfully, but these errors were encountered: