René's URL Explorer Experiment

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"`tkinter.Tk` segfault with invalid `className`","articleBody":"# Crash report\r\n\r\n### What happened?\r\n\r\nIt's possible to crash Python by passing an invalid `className` to `_tkinter.create`, for example:\r\n```python\r\nimport  _tkinter \r\n_tkinter.create(None, '', '\\U0010FFFF', None)\r\n```\r\n\r\nOr, using `tkinter.Tk` (repro thanks to @graingert and @JelleZijlstra):\r\n```python\r\n% ./python.exe \r\nPython 3.14.0a0 experimental free-threading build (heads/gh-125331:c315120a535, Oct 30 2024, 11:22:31) [Clang 15.0.0 (clang-1500.3.9.4)] on darwin\r\nType \"help\", \"copyright\", \"credits\" or \"license\" for more information.\r\n\u003e\u003e\u003e import tkinter\r\n... tkinter.Tk(screenName=None, baseName='', className='\\U0010FFFF')\r\n... \r\nzsh: segmentation fault  ./python.exe\r\n```\r\n\r\nBacktrace looks like:\r\n\r\n```gdb\r\n#0  0x00007ffff77bab5b in Tcl_UtfToUniChar () from /lib/x86_64-linux-gnu/libtcl8.6.so\r\n#1  0x00007ffff77bc993 in ?? () from /lib/x86_64-linux-gnu/libtcl8.6.so\r\n#2  0x00007ffff77bb795 in Tcl_UtfToTitle () from /lib/x86_64-linux-gnu/libtcl8.6.so\r\n#3  0x00007ffff78b5083 in ?? () from /lib/x86_64-linux-gnu/libtk8.6.so\r\n#4  0x00007ffff79dcf9d in Tcl_AppInit (interp=0x555555e14860) at ./Modules/tkappinit.c:40\r\n#5  0x00007ffff79d92b4 in Tkapp_New (screenName=screenName@entry=0x0,\r\n    className=className@entry=0x7ffff7c2c1c0 \"\\364\\217\\277\\277\", interactive=interactive@entry=0,\r\n    wantobjects=wantobjects@entry=0, wantTk=wantTk@entry=1, sync=sync@entry=0, use=0x0)\r\n    at ./Modules/_tkinter.c:730\r\n#6  0x00007ffff79d953f in _tkinter_create_impl (module=module@entry=\u003cmodule at remote 0x7ffff7ab9eb0\u003e,\r\n    screenName=screenName@entry=0x0, baseName=baseName@entry=0x555555c77ef0 \u003c_PyRuntime+51344\u003e \"\",\r\n    className=className@entry=0x7ffff7c2c1c0 \"\\364\\217\\277\\277\", interactive=interactive@entry=0,\r\n    wantobjects=wantobjects@entry=0, wantTk=1, sync=0, use=0x0) at ./Modules/_tkinter.c:3176\r\n#7  0x00007ffff79d99c6 in _tkinter_create (module=\u003cmodule at remote 0x7ffff7ab9eb0\u003e, args=0x7ffff7fb0080,\r\n    nargs=\u003coptimized out\u003e) at ./Modules/clinic/_tkinter.c.h:820\r\n#8  0x00005555556f18b0 in cfunction_vectorcall_FASTCALL (\r\n    func=\u003cbuilt-in method create of module object at remote 0x7ffff7ab9eb0\u003e, args=0x7ffff7fb0080,\r\n    nargsf=\u003coptimized out\u003e, kwnames=\u003coptimized out\u003e) at Objects/methodobject.c:436\r\n#9  0x000055555567ba55 in _PyObject_VectorcallTstate (tstate=0x555555cbbc70 \u003c_PyRuntime+329232\u003e,\r\n    callable=\u003cbuilt-in method create of module object at remote 0x7ffff7ab9eb0\u003e, args=0x7ffff7fb0080,\r\n    nargsf=9223372036854775812, kwnames=0x0) at ./Include/internal/pycore_call.h:167\r\n```\r\n\r\n\r\nFound using fusil by @vstinner. \r\n\r\n### CPython versions tested on:\r\n\r\n3.12, 3.14, CPython main branch\r\n\r\n### Operating systems tested on:\r\n\r\nLinux, macOS, Windows\r\n\r\n### Output from running 'python -VV' on the command line:\r\n\r\nPython 3.14.0a1+ (heads/main:d467d9246c, Oct 30 2024, 22:52:43) [GCC 11.4.0]","author":{"url":"https://github.com/devdanzin","@type":"Person","name":"devdanzin"},"datePublished":"2024-10-31T02:55:21.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":5},"url":"https://github.com/126219/cpython/issues/126219"}