QUERY · ISSUE

crash in ssl module

openby jepleropened 2025-07-19updated 2025-07-19

bug

Port, board and/or hardware

unix, coverage build

MicroPython version

MicroPython v1.26.0-preview.387.g67acac257f.dirty on 2025-07-19; linux [GCC 12.2.0] version

Reproduction

Run the following code:

import io
import ssl

class TestSocket(io.IOBase):
    def write(self, buf):
        return len(buf)

    def readinto(self, buf):
        return 0

    def ioctl(self, cmd, arg):
        print("TestSocket.ioctl", cmd, arg)
        return 0

    def setblocking(self, value):
        print("TestSocket.setblocking({})".format(value))


ss = ssl.wrap_socket(TestSocket(), server_side=1, do_handshake=0)
ss.close()
ss.setblocking(0)

Expected behaviour

When calling setblocking on a closed ssl socket, no crash occurs

Observed behaviour

segmentation fault. gdb says

Program received signal SIGSEGV, Segmentation fault.
mp_obj_get_type (o_in=o_in@entry=0x0) at ../../py/obj.c:61
61	        return o->type;
(gdb) where
#0  mp_obj_get_type (o_in=o_in@entry=0x0) at ../../py/obj.c:61
#1  0x00005555555e8ed0 in mp_load_method_maybe (obj=obj@entry=0x0, 
    attr=attr@entry=745, dest=dest@entry=0x7fffffffd870)
    at ../../py/runtime.c:1196
#2  0x00005555555e96c6 in mp_load_method (base=0x0, attr=attr@entry=745, 
    dest=dest@entry=0x7fffffffd870) at ../../py/runtime.c:1239
#3  0x000055555563c7f2 in socket_setblocking (self_in=<optimized out>, 
    flag_in=0xe) at ../../extmod/modtls_mbedtls.c:778

Additional Information

This method, and perhaps other ones, needs to check for a NULL o->sock.

Code of Conduct

Yes, I agree

CANDIDATE · ISSUE

crash in io.BufferedWriter due to missing argument validation

openby jepleropened 2025-07-20updated 2025-07-20

bug

Port, board and/or hardware

unix coverage port

MicroPython version

MicroPython v1.26.0-preview.387.ge4e97f5aa7.dirty on 2025-07-20; linux [GCC 12.2.0] version

Reproduction

Run the following script:

import io
io.BufferedWriter(None, 1).write(b"foo")

Expected behaviour

Some kind of exception like a TypeError

Observed behaviour

Segmentation fault:

Program received signal SIGSEGV, Segmentation fault.
mp_stream_rw (stream=0x6, buf_=buf_@entry=0x7ffff7c30ba0, size=1, 
    errcode=errcode@entry=0x7fffffffd83c, flags=flags@entry=2 '\002')
    at ../../py/stream.c:50
50	    const mp_stream_p_t *stream_p = mp_get_stream(stream);
(gdb) p stream
$3 = (mp_obj_t) 0x6

Additional Information

Minimal validation of the suitablity of the stream object is missing.

This crash was found via automated fuzzing. I minimized the test case the fuzzer found.

Code of Conduct

Yes, I agree

crash in ssl module

Port, board and/or hardware

MicroPython version

Reproduction

Expected behaviour

Observed behaviour

Additional Information

Code of Conduct

crash in io.BufferedWriter due to missing argument validation

Port, board and/or hardware

MicroPython version

Reproduction

Expected behaviour

Observed behaviour

Additional Information

Code of Conduct

Keyboard