QUERY · ISSUE
crash in io.BufferedWriter due to missing argument validation
bug
Port, board and/or hardware
unix coverage port
MicroPython version
MicroPython v1.26.0-preview.387.ge4e97f5aa7.dirty on 2025-07-20; linux [GCC 12.2.0] version
Reproduction
Run the following script:
import io
io.BufferedWriter(None, 1).write(b"foo")
Expected behaviour
Some kind of exception like a TypeError
Observed behaviour
Segmentation fault:
Program received signal SIGSEGV, Segmentation fault.
mp_stream_rw (stream=0x6, buf_=buf_@entry=0x7ffff7c30ba0, size=1,
errcode=errcode@entry=0x7fffffffd83c, flags=flags@entry=2 '\002')
at ../../py/stream.c:50
50 const mp_stream_p_t *stream_p = mp_get_stream(stream);
(gdb) p stream
$3 = (mp_obj_t) 0x6
Additional Information
Minimal validation of the suitablity of the stream object is missing.
This crash was found via automated fuzzing. I minimized the test case the fuzzer found.
Code of Conduct
Yes, I agree
CANDIDATE · ISSUE
ringbuf: Zero-length ringbuf creation allowed, causes crash
bug
Port, board and/or hardware
unix port, coverage variant, x86_64 linux
MicroPython version
MicroPython v1.26.0-preview.524.g255d74b5a8 on 2025-08-06; linux [GCC 12.2.0] version
Reproduction
Run the following script:
import micropython
rb = micropython.RingIO(bytearray(0))
rb.write(b'\1')
Expected behaviour
An exception is thown on line 2, because a zero-byte ring buffer is nonsense.
Observed behaviour
Division by zero (reported by Linux as SIGFPE) occurs on line 3:
>>> micropython.RingIO(bytearray(0)).write(b'\1')
Program received signal SIGFPE, Arithmetic exception.
0x0000555555605f33 in ringbuf_free (r=0x7ffff7c318a8) at ../../py/ringbuf.h:86
86 return (r->size + r->iget - r->iput - 1) % r->size;
Additional Information
Found via fuzzing, manually minimized.
Code of Conduct
Yes, I agree