Coder Social home page Coder Social logo

Comments (5)

mgorny avatar mgorny commented on July 17, 2024 2

Closing then. Sorry for the trouble.

from cpython.

sobolevn avatar sobolevn commented on July 17, 2024 1

So, here are my 2c:

  • looks like a crash is desired here, because of abort(), see

    cpython/Modules/_xxtestfuzz/fuzzer.c

    Lines 701 to 703 in 8223544

    if (!ELEMENTTREE_PARSEWHOLE_INITIALIZED && !init_elementtree_parsewhole()) {
    PyErr_Print();
    abort();
  • looks like xmlparser_type and bytesio_type are never actually decrefed (and in error paths as well)

    cpython/Modules/_xxtestfuzz/fuzzer.c

    Lines 443 to 469 in 8223544

    PyObject* xmlparser_type = NULL;
    PyObject* bytesio_type = NULL;
    /* Called by LLVMFuzzerTestOneInput for initialization */
    static int init_elementtree_parsewhole(void) {
    PyObject* elementtree_module = PyImport_ImportModule("_elementtree");
    if (elementtree_module == NULL) {
    return 0;
    }
    xmlparser_type = PyObject_GetAttrString(elementtree_module, "XMLParser");
    Py_DECREF(elementtree_module);
    if (xmlparser_type == NULL) {
    return 0;
    }
    PyObject* io_module = PyImport_ImportModule("io");
    if (io_module == NULL) {
    return 0;
    }
    bytesio_type = PyObject_GetAttrString(io_module, "BytesIO");
    Py_DECREF(io_module);
    if (bytesio_type == NULL) {
    return 0;
    }
    return 1;
    }
    But, since any errors will crash the app after this function - it is not a big deal.
  • since _elementtree is always expected, I don't think that we should guard this function in any special way

from cpython.

Eclips4 avatar Eclips4 commented on July 17, 2024

I guess this is intentional.
One of the fuzzing targets is elementtree (see Modules/__xxtestfuzz.c::LLVMFuzzerTestOneInput. We could probably improve error handling here, but would it improve anything? Fuzzing is not a feature of Python and I guess anyone who tries to run a fuzzer would understand this error.

from cpython.

mgorny avatar mgorny commented on July 17, 2024

Ok. Shouldn't then test_xxtestfuzz be skipped if _elementtree is not available? I can try making a pull request.

from cpython.

mgorny avatar mgorny commented on July 17, 2024

Hmm, on the other hand, since the whole extension is broken, I suppose leaving the tests on lets the person building it know that they should probably be disabling _xxtestfuzz as well.

from cpython.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.