gh-143008: fix TextIOWrapper.truncate via re-entrant flush #143041
Conversation
Signed-off-by: yihong0618 <[email protected]>
cmaloney
left a comment
cmaloney
left a comment
There was a problem hiding this comment.
I don't like adding a new flushing variable here. To me it doesn't solves the core issue: Code assumes self->buffer is non-NULL because of checks which become invalid by the time it's actually dereferenced/used (TOCTOU general bug class). I think TextIOWrapper already has the information we need to be looking at / checking for (CHECK_ATTACHED macro / self->detached, self->buffer == NULL, and self->ok, ...). Those seem to be tracking very close to the same thing and should be usable to solve this group of issues.
I think it would be better here to use CHECK_ATTACHED just before self->buffer is used / passed to a call / returned; making sure there aren't any other calls to interpreter methods betwen the CHECK_ATTACHED + self->buffer usage / dereference.
I suspect BufferedIO will need a similar set of fixes: It also has a concept of an underlying stream that can be "detached" and which user code may detach during various operations.
Some comments on specifics inline, the test_textio ones I think are important in further changes, implementation details less so if not adding/using the flushing member.
| # instead of crashing. | ||
| wrapper = None | ||
|
|
||
| class BadRaw(self.RawIOBase): |
There was a problem hiding this comment.
There's a number of mock helpers defined in test_io/utils.py to make it so can reduce this to just the methods that matter. I think self.MockRawIO will work here
| with self.subTest(name): | ||
| wrapper = self.TextIOWrapper(EvilBuffer(BadRaw()), encoding='utf-8') | ||
| self.assertRaisesRegex(RuntimeError, "reentrant", method) | ||
| wrapper = None |
There was a problem hiding this comment.
can we make the gc / closing here more explicit? del wrapper?
Misc/NEWS.d/next/Library/2025-12-21-17-56-37.gh-issue-143008.aakErJ.rst
Outdated
Show resolved
Hide resolved
| static inline int | ||
| _textiowrapper_flush(textio *self) | ||
| { | ||
| self->flushing = 1; |
There was a problem hiding this comment.
Why can't this be in _io_TextIOWrapper_flush_impl?
There was a problem hiding this comment.
it can, the design is cover it in _PyFile_Flush
| PyObject *ret; | ||
| self->flushing = 1; | ||
| do { | ||
| ret = PyObject_CallMethodOneArg(self->buffer, &_Py_ID(write), b); |
There was a problem hiding this comment.
every loop iteration / write call could execute arbitrary interpreter code that could invalidate self->buffer so likely need to check on each loop iteration.
There was a problem hiding this comment.
will check, but I think maybe not need
I think you are right but |
|
And I can change it to my first solution or waiting for other discuss here? |
…akErJ.rst Co-authored-by: Cody Maloney <[email protected]>
|
I agree Can you explain what your first solution is? I'm not understanding what you're referring to. |
|
serhiy-storchaka
left a comment
serhiy-storchaka
left a comment
There was a problem hiding this comment.
This will break the case when flush() was intentionally overridden.
I am not also sure that it fixes the core issue, it just makes a particular reproducer no longer working.
will dig it, thank you |
3 participants
This patch fix all re-entrant flush problem
by adding an attr flushing
and. refactor the file check to
_textiowrapper_flushTextIOWrapper.truncatevia re-entrantflush#143008all crash problem in 143008 can be fix cc @jackfromeast can you help to check?
thank you very much!