QUERY · ISSUE
websocket crash on corrupt data
bug
Port, board and/or hardware
unix port, coverage variant, linux x86_64
MicroPython version
MicroPython v1.26.0-preview.521.g658a2e3dbd on 2025-08-02; linux [GCC 12.2.0] version
Reproduction
Run the following code:
import io
import websocket
# put raw data in the stream and do a websocket read
def ws_read(msg, sz):
ws = websocket.websocket(io.BytesIO(msg))
return ws.read(sz)
# a corrupt frame
print(ws_read(b"aa", 2))
Expected behaviour
An exception is raised because the data is not valid websocket data
Observed behaviour
micropython terminates with an assertion error:
micropython: ../../extmod/modwebsocket.c:97: websocket_read: Assertion `self->buf[0] & 0x80' failed.
Additional Information
Found with fuzzer, minimized by me
Code of Conduct
Yes, I agree
CANDIDATE · ISSUE
crash in io.BufferedWriter due to missing argument validation
bug
Port, board and/or hardware
unix coverage port
MicroPython version
MicroPython v1.26.0-preview.387.ge4e97f5aa7.dirty on 2025-07-20; linux [GCC 12.2.0] version
Reproduction
Run the following script:
import io
io.BufferedWriter(None, 1).write(b"foo")
Expected behaviour
Some kind of exception like a TypeError
Observed behaviour
Segmentation fault:
Program received signal SIGSEGV, Segmentation fault.
mp_stream_rw (stream=0x6, buf_=buf_@entry=0x7ffff7c30ba0, size=1,
errcode=errcode@entry=0x7fffffffd83c, flags=flags@entry=2 '\002')
at ../../py/stream.c:50
50 const mp_stream_p_t *stream_p = mp_get_stream(stream);
(gdb) p stream
$3 = (mp_obj_t) 0x6
Additional Information
Minimal validation of the suitablity of the stream object is missing.
This crash was found via automated fuzzing. I minimized the test case the fuzzer found.
Code of Conduct
Yes, I agree