Bug#956254: python3-pykdl: PyKDL crashes Python 3 interpretter (SIGABRT) if any API accepting a str is used

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Bug#956254: python3-pykdl: PyKDL crashes Python 3 interpretter (SIGABRT) if any API accepting a str is used

Shane Loretz
Package: python3-pykdl
Version: 1.4.0-7
Severity: important
Tags: patch

Dear Maintainer,


The package python3-pykdl crashes the Python 3 interpretter if any API
accepting a str is used. I've tested this in both Debian Buster and Sid.

$ python3 -c "import PyKDL; PyKDL.Tree('foobar')"
python3: /build/orocos-kdl-oHbJfL/orocos-kdl-1.4.0/python_orocos_kdl/PyKDL/std_string.sip:52: int convertTo_std_string(PyObject*, void**, int*, PyObject*): Assertion `PyUnicode_Check(s)' failed.
Aborted (core dumped)
$ echo $?
134

The following patch resolves the issue on both Buster (1.4.0-7) and Sid
(1.4.0-8)


Index: orocos-kdl-1.4.0/python_orocos_kdl/PyKDL/std_string.sip
===================================================================
--- orocos-kdl-1.4.0.orig/python_orocos_kdl/PyKDL/std_string.sip
+++ orocos-kdl-1.4.0/python_orocos_kdl/PyKDL/std_string.sip
@@ -48,9 +48,7 @@
          return 1;
      }
      if (PyUnicode_Check(sipPy)) {
-        PyObject* s = PyUnicode_AsEncodedString(sipPy, "UTF-8", "");
-        *sipCppPtr = new std::string(PyUnicode_AS_DATA(s));
-        Py_DECREF(s);
+        *sipCppPtr = new std::string(PyUnicode_AsUTF8(sipPy));
         return 1;
      }
 #if PY_MAJOR_VERSION < 3


Would you be willing to apply that patch and release a new version to
Buster and Sid?


Cheers,
Shane


-- System Information:
Debian Release: 10.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.3.0-45-generic (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages python3-pykdl depends on:
ii  libc6             2.28-10
ii  libgcc1           1:8.3.0-6
ii  liborocos-kdl1.4  1.4.0-7+b1
ii  libpython3.7      3.7.3-2+deb10u1
ii  libstdc++6        8.3.0-6
ii  python3           3.7.3-1
ii  python3-sip       4.19.14+dfsg-2

python3-pykdl recommends no packages.

python3-pykdl suggests no packages.

-- no debconf information

0004-Convert-str-to-std-string.patch (624 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Bug#956254: python3-pykdl: PyKDL crashes Python 3 interpretter (SIGABRT) if any API accepting a str is used

Jochen Sprickerhof-5
Hi Shane,

* Shane Loretz <[hidden email]> [2020-04-08 22:19]:
>Would you be willing to apply that patch and release a new version to
>Buster and Sid?

I've uploaded a fixed version to sid and proposed an update to the
release team in #956315. Thanks for opening the bug!

Cheers Jochen

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Bug#956254: python3-pykdl: PyKDL crashes Python 3 interpretter (SIGABRT) if any API accepting a str is used

Shane Loretz
I tested the orocos-kdl 1.4.0-9 sources using debuild/dpkg -i in a Debian Buster container and can confirm it works for my use case. Thanks again!

On Thu, Apr 9, 2020 at 10:01 AM Jochen Sprickerhof <[hidden email]> wrote:
Hi Shane,

* Shane Loretz <[hidden email]> [2020-04-08 22:19]:
>Would you be willing to apply that patch and release a new version to
>Buster and Sid?

I've uploaded a fixed version to sid and proposed an update to the
release team in #956315. Thanks for opening the bug!

Cheers Jochen