zopefoundation / BTrees / 430
94%

DEFAULT BRANCH: master
Ran
Jobs 2
Files 25
Run time 2min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
430

push

travis-ci

navytux 
Don't allow to pass bad child into tree.__setstate__ to avoid memory corruption and crash

Hello up there. To test my module that computes diff for BTrees I was playing
with manually creating BTrees with different topologies[1,2] and hit the
following bug that was leading to segmentation faults:

C implementation of Tree.__setstate__ allows to pass in arbitrary objects in
place of children and casts child to (Bucket*) if child type is not type of the
tree

    _without further checking that type of the child is actually Bucket_

This leads to crashes when later the code, that is accessing tree nodes,
goes to leafs, accesses passed in objects assuming they are buckets with
corresponding C-level Bucket structure layout, and oops dereferences e.g.
Bucket->keys, or Bucket->values from memory initialized via non-Bucket
C-level data.

-> Fix it by allowing to pass into tree.__setstate__ only children of
either tree or bucket types.

Note: for tree kind the type is checked exactly, because in many places C
implementation already does `if (SameType_Check(tree, X))` and assumes X is
of bucket kind if that check fails. For buckets we accept tree._bucket_type
subclasses as they are handled correctly and bucket type for tree.firstbucket
is already verified via "isinstance".

Kirill

P.S.

test___setstate___to_multiple_buckets is adjusted to avoid test failures
because Test_Tree._makeOne() was creating tree with ._bucket_type different
from _Bucket defined in that test.

[1] https://lab.nexedi.com/kirr/wendelin.core/blob/28010b7/wcfs/internal/xbtree.py
[2] https://lab.nexedi.com/kirr/wendelin.core/blob/28010b7/wcfs/internal/xbtree_test.py

/helped-by @jamadden

7531 of 7684 relevant lines covered (98.01%)

1.96 hits per line

Jobs
ID Job ID Ran Files Coverage
10 430.10 (TWINE_USERNAME=zope.wheelbuilder TWINE_PASSWORD={:secure=>"GoACBHy175St7lL5BIfW6Jz4HLG7XWpyt8znNJPe1HwInjSOWRqc0EZGVAjpCfOGX3iE3HchDH00WydkPuYEgUo0eoH59vVKk+x+LccKmUPQBSBW4HN40UVgQhtMm3BFsdk+dq0taxw2ZNGmv0+uo9uLqVXkcNNpokmOyoXkDmc="} PURE_PYTHON=1 WITH_COVERAGE=1 ZOPE_INTERFACE_STRICT_IRO=1) 0
97.87
 Travis Job 430.10
11 430.11 (TWINE_USERNAME=zope.wheelbuilder TWINE_PASSWORD={:secure=>"GoACBHy175St7lL5BIfW6Jz4HLG7XWpyt8znNJPe1HwInjSOWRqc0EZGVAjpCfOGX3iE3HchDH00WydkPuYEgUo0eoH59vVKk+x+LccKmUPQBSBW4HN40UVgQhtMm3BFsdk+dq0taxw2ZNGmv0+uo9uLqVXkcNNpokmOyoXkDmc="} WITH_COVERAGE=1 ZOPE_INTERFACE_STRICT_IRO=1) 0
98.01
 Travis Job 430.11
Source Files on build 430
Detailed source file information is not available for this build.