← index #18167Issue #18172
Likely Duplicate · high · value 0.784
QUERY · ISSUE

uctypes.bytes_at() accepts out-of-range (non-canonical) address and segfaults

openby MaksimFengopened 2025-09-29updated 2025-09-30
bug

Port, board and/or hardware

Unix port

MicroPython version

MicroPython v1.27.0-preview.107.gd1607598f on 2025-09-09; linux [GCC 14.2.0] version

Reproduction

A Python-level exception when the address is obviously invalid, e.g.:

  • ValueError/OverflowError for negative/out-of-range addresses, or
  • OSError if the runtime chooses to probe and detect unreadable memory on the unix port.

At minimum, reject negative addresses and detect addr + size overflow to avoid trivial VM crashes.

Expected behaviour


import uctypes
ptr = 1 << 48         
arr = uctypes.bytes_at(ptr, 8)
print('READ', arr)

Observed behaviour

Program received signal SIGSEGV, Segmentation fault.
#0  qstr_compute_hash(data=0x1000000000000, len=0x8)
#1  mp_obj_new_str_copy(type=mp_type_bytes, data=0x1000000000000, len=0x8)
#2  mp_obj_new_bytes(...)
#3  uctypes_struct_bytes_at(ptr=0x1000000000000, size=0x8)
#4  fun_builtin_2_call(...)
#5  mp_call_function_n_kw(...)
#6  mp_execute_bytecode(...)
...

Additional Information

No, I've provided everything above.

Code of Conduct

Yes, I agree

CANDIDATE · ISSUE

bytearray(uctypes.bytes_at(0, 8)) segfaults in memcpy

openby MaksimFengopened 2025-09-29updated 2026-03-20
bugproposed-close

Port, board and/or hardware

Unix port

MicroPython version

MicroPython v1.27.0-preview.107.gd1607598f on 2025-09-09; linux [GCC 14.2.0] version

Reproduction

import uctypes
arr = uctypes.bytes_at(0, 8)
arr2 = bytearray(arr)
arr2[0] = 1

Expected behaviour

A Python-level exception when the source buffer refers to an unreadable address (e.g., ValueError or OSError), or the unix port rejects bytes_at(0, 8) up front.

Observed behaviour

Program received signal SIGSEGV, Segmentation fault.
[#0] 0x7ffff7d95780 → __memcpy_avx_unaligned_erms()
[#1] 0x5555555fa3fd → memcpy(__dest=<optimised out>, __src=<optimised out>, __len=0x8)
[#2] 0x5555555fa3fd → array_construct(typecode=0x1, initializer=<optimised out>)
[#3] 0x5555555fa73b → bytearray_make_new(type_in=<optimised out>, n_args=0x1, n_kw=<optimised out>, args=0x7ffff7e27de0)
[#4] 0x555555618eff → type_call(self_in=<optimised out>, n_args=<optimised out>, n_kw=<optimised out>, args=<optimised out>)
[#5] 0x5555555ed738 → mp_call_function_n_kw(fun_in=0x55555571d070 <mp_type_bytearray>, n_args=0x1, n_kw=0x0, args=0x7ffff7e27de0)
[#6] 0x555555629936 → mp_execute_bytecode(code_state=0x7ffff7e27da0, inject_exc=<optimised out>)
[#7] 0x555555602482 → fun_bc_call(self_in=0x7ffff7e27ce0, n_args=<optimised out>, n_kw=<optimised out>, args=0x0)
[#8] 0x5555555ed738 → mp_call_function_n_kw(fun_in=0x7ffff7e27ce0, n_args=0x0, n_kw=0x0, args=0x0)
[#9] 0x5555555f0211 → mp_call_function_0(fun=<optimised out>)

Additional Information

No, I've provided everything above.

Code of Conduct

Yes, I agree

Keyboard

j / / n
next pair
k / / p
previous pair
1 / / h
show query pane
2 / / l
show candidate pane
c
copy suggested comment
r
toggle reasoning
g i
go to index
?
show this help
esc
close overlays

press ? or esc to close

copied