BUG: Fix unintialized strlen when PyUnicode_AsUTF8AndSize fails #50387
Conversation
|
Very nice find. Makes sense as far as the issue goes, but ideally we'd work with the Python C API pattern and leave as is. Do you think it's just a limitation of our ujson that prevents that? Wonder if there's an upstream fix there we should look at |
We are allocating a buffer for the string, before checking that getStringValue succeeded. That's probably a good thing to follow up on. ujson does this correctly, though. See |
|
I'll also look into setting up valgrind/asan for our C code to catch stuff like this in the future(also nice for preventing memleaks/security headaches down the road). Thanks everyone for helping me to debug this! |
Nice find. I would rather vendor this - or is that causing issues? |
It should be fine, I think. I'd appreciate more scrutiny over this though (worried about double free/memleaks with the buffer here). There are also more usages elsewhere to change(which is probably a nice followup). |
|
Might be worth trying -fanalyzer with gcc https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.html |
No warnings from the json module at least. I've also left in the initialization of the string length just to be safe though. |
|
We should remove the 0 string length - at the end of the day we have NULL so the length is undefined. Want to stick with CPython standards too For the gcc crash, is it gcc that is crashing or g++? I'm not sure the history of why that one module in particular uses c++ - could try simplifying and sticking with c consistently |
doc/source/whatsnew/vX.X.X.rstfile if fixing a bug or adding a new feature.Hopefully fixes 32bit builds.