Skip to content

fix(tags): raise SystemError for malformed cpython EXT_SUFFIX in _generic_abi#1301

Open
r266-tech wants to merge 1 commit into
pypa:mainfrom
r266-tech:fix-tags-generic-abi-cpython-indexerror
Open

fix(tags): raise SystemError for malformed cpython EXT_SUFFIX in _generic_abi#1301
r266-tech wants to merge 1 commit into
pypa:mainfrom
r266-tech:fix-tags-generic-abi-cpython-indexerror

Conversation

@r266-tech

Copy link
Copy Markdown
Contributor

Follow-up to #1271. _generic_abi() still leaks an opaque IndexError (instead of the documented SystemError) from the public generic_tags() / sys_tags() API for a malformed cpython EXT_SUFFIX.

#1271 fixed the top-of-function guard for an empty EXT_SUFFIX, but the cpython branch a few lines down does soabi.split("-")[1]:

  • EXT_SUFFIX = ".cpython.so"soabi = "cpython"split("-") == ["cpython"][1] raises IndexError: list index out of range.
  • EXT_SUFFIX = ".cpython-.so"soabi = "cpython-" → empty version component → silently builds an invalid "cp" ABI.

Every other interpreter branch uses split("-")[0] or a slice and never over-indexes, so only the cpython branch is affected. This guards the split and raises the same SystemError("invalid sysconfig.get_config_var('EXT_SUFFIX')") for both cases — the same wrong-exception-leak class fixed in #1271 / #1264 — plus a parametrized regression test.

…eric_abi

A cpython-prefixed soabi with no version component (e.g. EXT_SUFFIX
".cpython.so") passes the top-of-function guard and the len(parts) < 3
check, but then hits soabi.split("-")[1] and raises an opaque IndexError
that escapes the public generic_tags()/sys_tags() API. Every other
interpreter branch uses split("-")[0] or a slice and never indexes past
the end, so only the cpython branch leaks.

This is the same wrong-exception-leak class fixed in pypa#1271 (empty
EXT_SUFFIX), just one branch deeper in the same function. Guard the
cpython soabi split and raise the documented SystemError instead, and
add a regression test.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant