QUERY · ISSUE
crash in ssl module
bug
Port, board and/or hardware
unix, coverage build
MicroPython version
MicroPython v1.26.0-preview.387.g67acac257f.dirty on 2025-07-19; linux [GCC 12.2.0] version
Reproduction
Run the following code:
import io
import ssl
class TestSocket(io.IOBase):
def write(self, buf):
return len(buf)
def readinto(self, buf):
return 0
def ioctl(self, cmd, arg):
print("TestSocket.ioctl", cmd, arg)
return 0
def setblocking(self, value):
print("TestSocket.setblocking({})".format(value))
ss = ssl.wrap_socket(TestSocket(), server_side=1, do_handshake=0)
ss.close()
ss.setblocking(0)
Expected behaviour
When calling setblocking on a closed ssl socket, no crash occurs
Observed behaviour
segmentation fault. gdb says
Program received signal SIGSEGV, Segmentation fault.
mp_obj_get_type (o_in=o_in@entry=0x0) at ../../py/obj.c:61
61 return o->type;
(gdb) where
#0 mp_obj_get_type (o_in=o_in@entry=0x0) at ../../py/obj.c:61
#1 0x00005555555e8ed0 in mp_load_method_maybe (obj=obj@entry=0x0,
attr=attr@entry=745, dest=dest@entry=0x7fffffffd870)
at ../../py/runtime.c:1196
#2 0x00005555555e96c6 in mp_load_method (base=0x0, attr=attr@entry=745,
dest=dest@entry=0x7fffffffd870) at ../../py/runtime.c:1239
#3 0x000055555563c7f2 in socket_setblocking (self_in=<optimized out>,
flag_in=0xe) at ../../extmod/modtls_mbedtls.c:778
Additional Information
This method, and perhaps other ones, needs to check for a NULL o->sock.
Code of Conduct
Yes, I agree
CANDIDATE · ISSUE
framebuf: crash with incorrect usage (native subclassing?)
bug
Port, board and/or hardware
unix port, coverage build, x86_64 linux
MicroPython version
MicroPython v1.26.0-preview.524.g255d74b5a8 on 2025-08-06; linux [GCC 12.2.0] version
Reproduction
Run the following Python code:
import framebuf
class FB(framebuffer.FrameBuffer): pass
FB.pixel(0,0,0)
Expected behaviour
A TypeError or other appropriate error is raised
Observed behaviour
A segmentation fault.
MicroPython v1.26.0-preview.524.g255d74b5a8 on 2025-08-06; linux [GCC 12.2.0] version
Use Ctrl-D to exit, Ctrl-E for paste mode
>>> import framebuf
>>> class FB(framebuf.FrameBuffer): pass
...
>>> FB.pixel(0,0,0)
Program received signal SIGSEGV, Segmentation fault.
0x0000555555634845 in framebuf_pixel (n_args=3, args_in=0x7fffffffda30)
at ../../extmod/modframebuf.c:376
376 if (0 <= x && x < self->width && 0 <= y && y < self->height) {
(gdb) where
#0 0x0000555555634845 in framebuf_pixel (n_args=3, args_in=0x7fffffffda30)
at ../../extmod/modframebuf.c:376
#1 0x00005555555fdf8d in fun_builtin_var_call (
self_in=0x555555711250 <framebuf_pixel_obj>, n_args=3, n_kw=0, args=0x7fffffffda30)
at ../../py/objfun.c:123
Additional Information
This was found by fuzzing.
Incidentally, when there is NOT a subclass involved, the error is detected:
>>> framebuf.FrameBuffer.pixel(0,0,0)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
TypeError: argument should be a 'FrameBuffer' not a 'int'
Code of Conduct
Yes, I agree