Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

gh-111178: fix UBSan failures in Modules/_interp*module.c #129779

Open
wants to merge 10 commits into
base: main
Choose a base branch
from
+52 −44
Open

gh-111178: fix UBSan failures in Modules/_interp*module.c #129779

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
be385ff
remove redundant casts in `Modules/_interpchannelsmodule.c`
picnixz Jan 25, 2025
ae33ded
suppress unused return values in `Modules/_interpchannelsmodule.c`
picnixz Jan 25, 2025
712953d
suppress unused return values in `Modules/_interpqueuesmodule.c`
picnixz Jan 25, 2025
7dad552
fix UBSan failures for `XIBufferViewObject`
picnixz Jan 25, 2025
81d2315
suppress unused return values in `Modules/_interpretersmodule.c`
picnixz Jan 25, 2025
baee622
Merge remote-tracking branch 'upstream/main' into fix/ubsan/interp-11…
picnixz Feb 7, 2025
d4483e0
do not use the macro when the type is already checked
picnixz Feb 7, 2025
e2ee75e
fix compilation
picnixz Feb 7, 2025
2794f87
Do not add an underscore to the macro if none is needed.
picnixz Feb 8, 2025
9c6f69c
Do Do not use `_` + capital letter in new code as it is also UB.
picnixz Feb 8, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
62 changes: 33 additions & 29 deletions Modules/_interpchannelsmodule.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2268,6 +2268,8 @@ typedef struct channelid {
_channels *channels;
} channelid;

#define channelid_CAST(op) ((channelid *)(op))

struct channel_id_converter_data {
PyObject *module;
int64_t cid;
Expand Down Expand Up @@ -2396,10 +2398,11 @@ _channelid_new(PyObject *mod, PyTypeObject *cls,
}

static void
channelid_dealloc(PyObject *self)
channelid_dealloc(PyObject *op)
{
int64_t cid = ((channelid *)self)->cid;
_channels *channels = ((channelid *)self)->channels;
channelid *self = channelid_CAST(op);
int64_t cid = self->cid;
_channels *channels = self->channels;

PyTypeObject *tp = Py_TYPE(self);
tp->tp_free(self);
Expand All @@ -2420,7 +2423,7 @@ channelid_repr(PyObject *self)
PyTypeObject *type = Py_TYPE(self);
const char *name = _PyType_Name(type);

channelid *cidobj = (channelid *)self;
channelid *cidobj = channelid_CAST(self);
const char *fmt;
if (cidobj->end == CHANNEL_SEND) {
fmt = "%s(%" PRId64 ", send=True)";
Expand All @@ -2437,21 +2440,21 @@ channelid_repr(PyObject *self)
static PyObject *
channelid_str(PyObject *self)
{
channelid *cidobj = (channelid *)self;
channelid *cidobj = channelid_CAST(self);
return PyUnicode_FromFormat("%" PRId64 "", cidobj->cid);
}

static PyObject *
channelid_int(PyObject *self)
{
channelid *cidobj = (channelid *)self;
channelid *cidobj = channelid_CAST(self);
return PyLong_FromLongLong(cidobj->cid);
}

static Py_hash_t
channelid_hash(PyObject *self)
{
channelid *cidobj = (channelid *)self;
channelid *cidobj = channelid_CAST(self);
PyObject *pyid = PyLong_FromLongLong(cidobj->cid);
if (pyid == NULL) {
return -1;
Expand Down Expand Up @@ -2483,10 +2486,10 @@ channelid_richcompare(PyObject *self, PyObject *other, int op)
goto done;
}

channelid *cidobj = (channelid *)self;
channelid *cidobj = channelid_CAST(self);
int equal;
if (PyObject_TypeCheck(other, state->ChannelIDType)) {
channelid *othercidobj = (channelid *)other;
channelid *othercidobj = (channelid *)other; // fast safe cast
equal = (cidobj->end == othercidobj->end) && (cidobj->cid == othercidobj->cid);
}
else if (PyLong_Check(other)) {
Expand Down Expand Up @@ -2606,17 +2609,18 @@ _channelid_shared(PyThreadState *tstate, PyObject *obj, _PyXIData_t *data)
return -1;
}
struct _channelid_xid *xid = (struct _channelid_xid *)_PyXIData_DATA(data);
xid->cid = ((channelid *)obj)->cid;
xid->end = ((channelid *)obj)->end;
xid->resolve = ((channelid *)obj)->resolve;
channelid *cidobj = channelid_CAST(obj);
xid->cid = cidobj->cid;
xid->end = cidobj->end;
xid->resolve = cidobj->resolve;
return 0;
}

static PyObject *
channelid_end(PyObject *self, void *end)
{
int force = 1;
channelid *cidobj = (channelid *)self;
channelid *cidobj = channelid_CAST(self);
if (end != NULL) {
PyObject *obj = NULL;
int err = newchannelid(Py_TYPE(self), cidobj->cid, *(int *)end,
Expand Down Expand Up @@ -2649,11 +2653,11 @@ static int _channelid_end_send = CHANNEL_SEND;
static int _channelid_end_recv = CHANNEL_RECV;

static PyGetSetDef channelid_getsets[] = {
{"end", (getter)channelid_end, NULL,
{"end", channelid_end, NULL,
PyDoc_STR("'send', 'recv', or 'both'")},
{"send", (getter)channelid_end, NULL,
{"send", channelid_end, NULL,
PyDoc_STR("the 'send' end of the channel"), &_channelid_end_send},
{"recv", (getter)channelid_end, NULL,
{"recv", channelid_end, NULL,
PyDoc_STR("the 'recv' end of the channel"), &_channelid_end_recv},
{NULL}
};
Expand All @@ -2662,16 +2666,16 @@ PyDoc_STRVAR(channelid_doc,
"A channel ID identifies a channel and may be used as an int.");

static PyType_Slot channelid_typeslots[] = {
{Py_tp_dealloc, (destructor)channelid_dealloc},
{Py_tp_dealloc, channelid_dealloc},
{Py_tp_doc, (void *)channelid_doc},
{Py_tp_repr, (reprfunc)channelid_repr},
{Py_tp_str, (reprfunc)channelid_str},
{Py_tp_repr, channelid_repr},
{Py_tp_str, channelid_str},
{Py_tp_hash, channelid_hash},
{Py_tp_richcompare, channelid_richcompare},
{Py_tp_getset, channelid_getsets},
// number slots
{Py_nb_int, (unaryfunc)channelid_int},
{Py_nb_index, (unaryfunc)channelid_int},
{Py_nb_int, channelid_int},
{Py_nb_index, channelid_int},
{0, NULL},
};

Expand Down Expand Up @@ -2904,10 +2908,10 @@ channelsmod_create(PyObject *self, PyObject *args, PyObject *kwds)
if (state == NULL) {
return NULL;
}
PyObject *cidobj = NULL;
channelid *cidobj = NULL;
int err = newchannelid(state->ChannelIDType, cid, 0,
&_globals.channels, 0, 0,
(channelid **)&cidobj);
&cidobj);
if (handle_channel_error(err, self, cid)) {
assert(cidobj == NULL);
err = channel_destroy(&_globals.channels, cid);
Expand All @@ -2917,8 +2921,8 @@ channelsmod_create(PyObject *self, PyObject *args, PyObject *kwds)
return NULL;
}
assert(cidobj != NULL);
assert(((channelid *)cidobj)->channels != NULL);
return cidobj;
assert(cidobj->channels != NULL);
return (PyObject *)cidobj;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like this way better, but I'm curious: if we use a CAST macro for other objects, why do we use the standard style for PyObject?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I use macros when a possible assertion can be added later. For objects known to be of correct type, a fast raw cast is kept.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note: one exception when calling the clear function in the free function of module objects. We started using raw casts there so I kept that convention and didn't touch anything. But technically, we could also use the macro to assert that the object being passed is a PyObject and not just something else.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note 2: In general, we use op for the PyObject value and self for the csated one. Ideally, I wanted to use self for the PyObject one and this for the casted one, but this would result in lots of changes. And it could also conflict with the this in C++ for IDEs so I resisted against this kind of convention.

If I could change the entire code base, I would likely use that convention though but op/self is also fine (note that most of the time I wanted to minimize the diff, so even if there are inconsistencies in the parameter names, I tried to keep the diff smaller rather than having more inconsistencies if by any chance there are other functions that are left untouched).

}

PyDoc_STRVAR(channelsmod_create_doc,
Expand Down Expand Up @@ -3553,7 +3557,7 @@ module_traverse(PyObject *mod, visitproc visit, void *arg)
{
module_state *state = get_module_state(mod);
assert(state != NULL);
traverse_module_state(state, visit, arg);
(void)traverse_module_state(state, visit, arg);
return 0;
}

Expand All @@ -3564,18 +3568,18 @@ module_clear(PyObject *mod)
assert(state != NULL);

// Now we clear the module state.
clear_module_state(state);
(void)clear_module_state(state);
return 0;
}

static void
module_free(void *mod)
{
module_state *state = get_module_state(mod);
module_state *state = get_module_state((PyObject *)mod);
assert(state != NULL);

// Now we clear the module state.
clear_module_state(state);
(void)clear_module_state(state);

_globals_fini();
}
Expand Down
10 changes: 5 additions & 5 deletions Modules/_interpqueuesmodule.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1934,7 +1934,7 @@ static int
module_traverse(PyObject *mod, visitproc visit, void *arg)
{
module_state *state = get_module_state(mod);
traverse_module_state(state, visit, arg);
(void)traverse_module_state(state, visit, arg);
return 0;
}

Expand All @@ -1944,17 +1944,17 @@ module_clear(PyObject *mod)
module_state *state = get_module_state(mod);

// Now we clear the module state.
clear_module_state(state);
(void)clear_module_state(state);
return 0;
}

static void
module_free(void *mod)
{
module_state *state = get_module_state(mod);
module_state *state = get_module_state((PyObject *)mod);

// Now we clear the module state.
clear_module_state(state);
(void)clear_module_state(state);

_globals_fini();
}
Expand All @@ -1968,7 +1968,7 @@ static struct PyModuleDef moduledef = {
.m_slots = module_slots,
.m_traverse = module_traverse,
.m_clear = module_clear,
.m_free = (freefunc)module_free,
.m_free = module_free,
};

PyMODINIT_FUNC
Expand Down
24 changes: 14 additions & 10 deletions Modules/_interpretersmodule.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,8 @@ typedef struct {
int64_t interpid;
} XIBufferViewObject;

#define XIBufferViewObject_CAST(op) ((XIBufferViewObject *)(op))

static PyObject *
xibufferview_from_xid(PyTypeObject *cls, _PyXIData_t *data)
{
Expand All @@ -100,8 +102,9 @@ xibufferview_from_xid(PyTypeObject *cls, _PyXIData_t *data)
}

static void
xibufferview_dealloc(XIBufferViewObject *self)
xibufferview_dealloc(PyObject *op)
{
XIBufferViewObject *self = XIBufferViewObject_CAST(op);
PyInterpreterState *interp = _PyInterpreterState_LookUpID(self->interpid);
/* If the interpreter is no longer alive then we have problems,
since other objects may be using the buffer still. */
Expand All @@ -124,20 +127,21 @@ xibufferview_dealloc(XIBufferViewObject *self)
}

static int
xibufferview_getbuf(XIBufferViewObject *self, Py_buffer *view, int flags)
xibufferview_getbuf(PyObject *op, Py_buffer *view, int flags)
{
/* Only PyMemoryView_FromObject() should ever call this,
via _memoryview_from_xid() below. */
XIBufferViewObject *self = XIBufferViewObject_CAST(op);
*view = *self->view;
view->obj = (PyObject *)self;
view->obj = op;
// XXX Should we leave it alone?
view->internal = NULL;
return 0;
}

static PyType_Slot XIBufferViewType_slots[] = {
{Py_tp_dealloc, (destructor)xibufferview_dealloc},
{Py_bf_getbuffer, (getbufferproc)xibufferview_getbuf},
{Py_tp_dealloc, xibufferview_dealloc},
{Py_bf_getbuffer, xibufferview_getbuf},
// We don't bother with Py_bf_releasebuffer since we don't need it.
{0, NULL},
};
Expand Down Expand Up @@ -1548,7 +1552,7 @@ module_traverse(PyObject *mod, visitproc visit, void *arg)
{
module_state *state = get_module_state(mod);
assert(state != NULL);
traverse_module_state(state, visit, arg);
(void)traverse_module_state(state, visit, arg);
return 0;
}

Expand All @@ -1557,16 +1561,16 @@ module_clear(PyObject *mod)
{
module_state *state = get_module_state(mod);
assert(state != NULL);
clear_module_state(state);
(void)clear_module_state(state);
return 0;
}

static void
module_free(void *mod)
{
module_state *state = get_module_state(mod);
module_state *state = get_module_state((PyObject *)mod);
assert(state != NULL);
clear_module_state(state);
(void)clear_module_state(state);
}

static struct PyModuleDef moduledef = {
Expand All @@ -1578,7 +1582,7 @@ static struct PyModuleDef moduledef = {
.m_slots = module_slots,
.m_traverse = module_traverse,
.m_clear = module_clear,
.m_free = (freefunc)module_free,
.m_free = module_free,
};

PyMODINIT_FUNC
Expand Down
Loading