crash in io.BufferedWriter due to missing argument validation
Port, board and/or hardware
unix coverage port
MicroPython version
MicroPython v1.26.0-preview.387.ge4e97f5aa7.dirty on 2025-07-20; linux [GCC 12.2.0] version
Reproduction
Run the following script:
import io
io.BufferedWriter(None, 1).write(b"foo")
Expected behaviour
Some kind of exception like a TypeError
Observed behaviour
Segmentation fault:
Program received signal SIGSEGV, Segmentation fault.
mp_stream_rw (stream=0x6, buf_=buf_@entry=0x7ffff7c30ba0, size=1,
errcode=errcode@entry=0x7fffffffd83c, flags=flags@entry=2 '\002')
at ../../py/stream.c:50
50 const mp_stream_p_t *stream_p = mp_get_stream(stream);
(gdb) p stream
$3 = (mp_obj_t) 0x6
Additional Information
Minimal validation of the suitablity of the stream object is missing.
This crash was found via automated fuzzing. I minimized the test case the fuzzer found.
Code of Conduct
Yes, I agree
`json.dump` behaves incorrectly on invalid stream write bytes count.
Port, board and/or hardware
Unix
MicroPython version
MicroPython v1.28.0-preview.174.ga8b71559cf on 2026-02-20; linux [GCC 15.2.1] version
Reproduction
- Run the following minimised code snippet:
import io, json
class S(io.IOBase):
def write(self, buf):
return 2
json.dump({}, S())
Expected behaviour
The code should either reject stream writes with an unexpected number of bytes written or just ignore them.
Observed behaviour
The interpreter hangs due to repeated calls to io.IOBase.write, and after a while it will crash on certain targets.
Additional Information
CPython seems to ignore the return value of the stream callback and only checks for exceptions being raised. The test case code doesn't hang or crash on all recent CPython versions I've tried.
I understand this is an edge case that may not be worth fixing, but I didn't find anything similar in the issue tracker or in the known issues list present in the documentation.
Code of Conduct
Yes, I agree