← index #18172PR #18756
Likely Duplicate · high · value 0.823
QUERY · ISSUE

bytearray(uctypes.bytes_at(0, 8)) segfaults in memcpy

openby MaksimFengopened 2025-09-29updated 2026-03-20
bugproposed-close

Port, board and/or hardware

Unix port

MicroPython version

MicroPython v1.27.0-preview.107.gd1607598f on 2025-09-09; linux [GCC 14.2.0] version

Reproduction

import uctypes
arr = uctypes.bytes_at(0, 8)
arr2 = bytearray(arr)
arr2[0] = 1

Expected behaviour

A Python-level exception when the source buffer refers to an unreadable address (e.g., ValueError or OSError), or the unix port rejects bytes_at(0, 8) up front.

Observed behaviour

Program received signal SIGSEGV, Segmentation fault.
[#0] 0x7ffff7d95780 → __memcpy_avx_unaligned_erms()
[#1] 0x5555555fa3fd → memcpy(__dest=<optimised out>, __src=<optimised out>, __len=0x8)
[#2] 0x5555555fa3fd → array_construct(typecode=0x1, initializer=<optimised out>)
[#3] 0x5555555fa73b → bytearray_make_new(type_in=<optimised out>, n_args=0x1, n_kw=<optimised out>, args=0x7ffff7e27de0)
[#4] 0x555555618eff → type_call(self_in=<optimised out>, n_args=<optimised out>, n_kw=<optimised out>, args=<optimised out>)
[#5] 0x5555555ed738 → mp_call_function_n_kw(fun_in=0x55555571d070 <mp_type_bytearray>, n_args=0x1, n_kw=0x0, args=0x7ffff7e27de0)
[#6] 0x555555629936 → mp_execute_bytecode(code_state=0x7ffff7e27da0, inject_exc=<optimised out>)
[#7] 0x555555602482 → fun_bc_call(self_in=0x7ffff7e27ce0, n_args=<optimised out>, n_kw=<optimised out>, args=0x0)
[#8] 0x5555555ed738 → mp_call_function_n_kw(fun_in=0x7ffff7e27ce0, n_args=0x0, n_kw=0x0, args=0x0)
[#9] 0x5555555f0211 → mp_call_function_0(fun=<optimised out>)

Additional Information

No, I've provided everything above.

Code of Conduct

Yes, I agree

CANDIDATE · PULL REQUEST

extmod/moductypes: Add address validation to bytes_at/bytearray_at

closedby bob10042opened 2026-01-30updated 2026-01-31

Fixes #18167, #18166, #18172

Problem:
uctypes.bytes_at() and bytearray_at() accept invalid addresses including:

  • Negative values (convert to huge unsigned values)
  • NULL pointers (address 0)
  • Non-canonical addresses causing overflow

This leads to segfaults when accessing invalid memory regions.

Solution:
Add comprehensive address validation in both functions:

  • Reject negative addresses before unsigned conversion
  • Reject NULL pointer (address 0)
  • Check for address + size overflow

Impact:

  • Prevents arbitrary memory read/write vulnerabilities
  • Provides clear error messages for invalid addresses
  • Protects against segfaults from malformed input

Keyboard

j / / n
next pair
k / / p
previous pair
1 / / h
show query pane
2 / / l
show candidate pane
c
copy suggested comment
r
toggle reasoning
g i
go to index
?
show this help
esc
close overlays

press ? or esc to close

copied