Custom str subclass as keyword argument leads to System Error #94938

jeff5 · 2022-07-17T22:07:51Z

When arguments are given by keyword using a dictionary, CPython requires that the key be of type str, or a sub-class. If a custom str subclass defines a badly-behaved __eq__, and is used that way, a SystemError (null argument) can result, which is not expected in the interpreter.

This report stems from a discussion on discuss.python.org about the types of keyword that ought to be allowed -- it's not code I actually want to run.

Reproducer

# kwargsbomb.py Use of a str subclass as a keyword

class S(str):
    def __eq__(self, other):
        print(other)
        return True
    def __hash__(self):
        return 42

u = "my.domain.name"

a = u.split(**{'sep':'.'})     # ok
print(a)

b = u.split(**{S('sep'):'.'})  # ok
print(b)

c = u.split(**{S('xxx'):'.'})  # fails
print(c)

Output

['my', 'domain', 'name']
['my', 'domain', 'name']
sep
Traceback (most recent call last):
  File " ... \kwargsbomb.py", line 18, in <module>
    c = u.split(**{S('xxx'):'.'})  # fails
        ^^^^^^^^^^^^^^^^^^^^^^^^^
SystemError: null argument to internal routine

Environment

CPython versions: 3.10.2 3.11.0b4 (in Idle and at the prompt)
Operating system and architecture: Windows 10 64-bit

The text was updated successfully, but these errors were encountered:

JelleZijlstra · 2022-07-17T22:47:34Z

I'm not sure this should be supported. The discuss.python.org discussion was focused on strings that aren't valid identifiers, not on subclasses of str.

Restricting kwargs to only str may allow some optimizations and saves us from possible subtle bugs (what if a str subclass overrides __hash__). In addition, there's no known use case for using str subclasses.

I suggest we:

Document that kwargs must be exactly of type str
Fix the code so that attempting to use a str subclass raises TypeError instead of SystemError

serhiy-storchaka · 2022-07-18T09:37:28Z

The user should not be able to provoke a SystemError from pure Python code. This exception is reserved for misuse of the C API. There is a bug somewhere in _PyArg_UnpackKeywords(). In other examples it can lead to crash, memory corruption, or just silent produce incorrect result.

jeff5 · 2022-07-19T06:43:44Z

The discuss.python.org discussion was focused on strings that aren't valid identifiers, not on subclasses of str.

It starts with the question why integer keys are not allowed. When I looked where this is enforced, I was interested to find that it accepted sub-classes of str. So I tried it, idly, and idle restarted (in 3.8).

Restricting kwargs to only str may allow some optimizations and saves us from possible subtle bugs (what if a str subclass overrides __hash__).

I agree, and favour that, but I cannot say for certain no-one is relying on it. Also @serhiy-storchaka is right that something is wrong elsewhere, and may go wrong in other circumstances, which this daft trick just serves to discover.

When keyword argument name is an instance of a str subclass with overloaded methods __eq__ and __hash__, the former code could not find the name of an extraneous keyword argument to report an error, and _PyArg_UnpackKeywords() returned success without setting the corresponding cell in linearized arguments array. But since the number of expected initialized cells is determined as total number of passed arguments, this lead to reading NULL as keyword parameter value, that caused SysTemError or crash or other undesired behavior.

serhiy-storchaka · 2022-07-19T07:02:33Z

Thank you for your report @jeff5. It was an interesting bug.

) When keyword argument name is an instance of a str subclass with overloaded methods __eq__ and __hash__, the former code could not find the name of an extraneous keyword argument to report an error, and _PyArg_UnpackKeywords() returned success without setting the corresponding cell in the linearized arguments array. But since the number of expected initialized cells is determined as the total number of passed arguments, this lead to reading NULL as a keyword parameter value, that caused SystemError or crash or other undesired behavior.

…uments (pythonGH-94999) When keyword argument name is an instance of a str subclass with overloaded methods __eq__ and __hash__, the former code could not find the name of an extraneous keyword argument to report an error, and _PyArg_UnpackKeywords() returned success without setting the corresponding cell in the linearized arguments array. But since the number of expected initialized cells is determined as the total number of passed arguments, this lead to reading NULL as a keyword parameter value, that caused SystemError or crash or other undesired behavior. (cherry picked from commit ebad53a) Co-authored-by: Serhiy Storchaka <[email protected]>

…uments (pythonGH-94999) When keyword argument name is an instance of a str subclass with overloaded methods __eq__ and __hash__, the former code could not find the name of an extraneous keyword argument to report an error, and _PyArg_UnpackKeywords() returned success without setting the corresponding cell in the linearized arguments array. But since the number of expected initialized cells is determined as the total number of passed arguments, this lead to reading NULL as a keyword parameter value, that caused SystemError or crash or other undesired behavior.. (cherry picked from commit ebad53a) Co-authored-by: Serhiy Storchaka <[email protected]>

…GH-94999) (GH-95353) When keyword argument name is an instance of a str subclass with overloaded methods __eq__ and __hash__, the former code could not find the name of an extraneous keyword argument to report an error, and _PyArg_UnpackKeywords() returned success without setting the corresponding cell in the linearized arguments array. But since the number of expected initialized cells is determined as the total number of passed arguments, this lead to reading NULL as a keyword parameter value, that caused SystemError or crash or other undesired behavior. (cherry picked from commit ebad53a) Co-authored-by: Serhiy Storchaka <[email protected]>

…GH-94999) (GH-95354) When keyword argument name is an instance of a str subclass with overloaded methods __eq__ and __hash__, the former code could not find the name of an extraneous keyword argument to report an error, and _PyArg_UnpackKeywords() returned success without setting the corresponding cell in the linearized arguments array. But since the number of expected initialized cells is determined as the total number of passed arguments, this lead to reading NULL as a keyword parameter value, that caused SystemError or crash or other undesired behavior.. (cherry picked from commit ebad53a) Co-authored-by: Serhiy Storchaka <[email protected]>

(cherry picked from commit 0956b6d) Co-authored-by: Serhiy Storchaka <[email protected]>

merwok · 2022-08-29T19:08:27Z

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Custom str subclass as keyword argument leads to System Error #94938

Custom str subclass as keyword argument leads to System Error #94938

jeff5 commented Jul 17, 2022

JelleZijlstra commented Jul 17, 2022

serhiy-storchaka commented Jul 18, 2022

jeff5 commented Jul 19, 2022

serhiy-storchaka commented Jul 19, 2022

merwok commented Aug 29, 2022

Custom str subclass as keyword argument leads to System Error #94938

Custom str subclass as keyword argument leads to System Error #94938

Comments

jeff5 commented Jul 17, 2022

Reproducer

Output

Environment

JelleZijlstra commented Jul 17, 2022

serhiy-storchaka commented Jul 18, 2022

jeff5 commented Jul 19, 2022

serhiy-storchaka commented Jul 19, 2022

merwok commented Aug 29, 2022