Bug 1804625

Summary: dnf crashes with an UTF-8 char in a repository filename
Product: Red Hat Enterprise Linux 8 Reporter: Pavla Kratochvilova <pkratoch>
Component: swigAssignee: Jitka Plesnikova <jplesnik>
Status: CLOSED ERRATA QA Contact: RHEL CS Apps Subsystem QE <rhel-cs-apps-subsystem-qe>
Severity: medium Docs Contact:
Priority: medium    
Version: 8.1CC: bnater, cbesson, jorton, jplesnik, kwalker, marek.schimara, pkratoch, swm-qe
Target Milestone: rcKeywords: Patch, Reproducer, Triaged
Target Release: 8.1   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1803038 Environment:
Last Closed: 2020-11-04 02:32:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1803038    
Attachments:
Description Flags
Backported upstream fix
none
swig file
none
test file none

Description Pavla Kratochvilova 2020-02-19 09:57:35 UTC 
+++ This bug was initially created as a clone of Bug #1803038 +++

Description of problem:
DNF crashes with an UTF-8 char in the repository filename

Version-Release number of selected component (if applicable):
libdnf-0.35.1-9.el8_1.x86_64
dnf-4.2.7-7.el8_1.noarch

How reproducible:
100%

Steps to Reproduce:
1. touch '/etc/yum.repos.d/team'$'\303''_epel.repo' 
2. dnf repolist

Actual results:
# dnf repolist
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Segmentation fault (core dumped)

Expected results:
No crash.

Additional info:
This looks similar to another bug, but this commit has already been backported:
https://github.com/rpm-software-management/libdnf/commit/97c23dfff803ef30b4d25a224218da1442a49220

I will attach the corresponding coredump.

(gdb) bt
#0  0x00007f45515415aa in PyBytes_AsStringAndSize (obj=<optimized out>, s=<optimized out>, len=<optimized out>, obj=<optimized out>, s=<optimized out>, len=<optimized out>)
    at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Objects/bytesobject.c:1296
#1  0x00007f454398b921 in SWIG_AsCharPtrAndSize (obj=0x0, obj@entry='/etc/yum.repos.d/team\udcc3_epel.repo', cptr=cptr@entry=0x7ffc6ee86290, psize=psize@entry=0x7ffc6ee86298, 
    alloc=alloc@entry=0x7ffc6ee8628c) at /usr/src/debug/libdnf-0.35.1-9.el8_1.x86_64/build-py3/bindings/python/confPYTHON_wrap.cxx:4821
#2  0x00007f454399913a in SWIG_AsPtr_std_string(PyObject*, std::(char, long long, long long, ::string**)) (obj='/etc/yum.repos.d/team\udcc3_epel.repo', val=0x7ffc6ee862f0)
    at /usr/src/debug/libdnf-0.35.1-9.el8_1.x86_64/build-py3/bindings/python/confPYTHON_wrap.cxx:4912
#3  0x00007f454399acd9 in _wrap_ConfigParser_read (args=<optimized out>) at /usr/src/debug/libdnf-0.35.1-9.el8_1.x86_64/build-py3/bindings/python/confPYTHON_wrap.cxx:26409
#4  0x00007f45515a7832 in _PyCFunction_FastCallDict (func_obj=<built-in method ConfigParser_read of module object at remote 0x7f4543c2d5e8>, args=0x7f453dc04a98, nargs=<optimized out>, 
    kwargs=0x0) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Objects/methodobject.c:234
#5  0x00007f45515a7d6d in call_function (pp_stack=0x7ffc6ee86458, oparg=<optimized out>, kwnames=<optimized out>) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:4851
#6  0x00007f45515e6faa in _PyEval_EvalFrameDefault (f=<optimized out>, throwflag=<optimized out>) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:3335
#7  0x00007f455157361a in _PyFunction_FastCall (globals=<optimized out>, nargs=2, args=<optimized out>, co=<optimized out>)
    at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:4968
#8  fast_function (func=<optimized out>, stack=0x55742f024700, nargs=2, kwnames=<optimized out>) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:4968
#9  0x00007f45515a7e52 in call_function (pp_stack=0x7ffc6ee86608, oparg=<optimized out>, kwnames=<optimized out>) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:4872
#10 0x00007f45515e6faa in _PyEval_EvalFrameDefault (f=<optimized out>, throwflag=<optimized out>) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:3335
#11 0x00007f455157361a in _PyFunction_FastCall (globals=<optimized out>, nargs=2, args=<optimized out>, co=<optimized out>)
    at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:4968
#12 fast_function (func=<optimized out>, stack=0x55742f375280, nargs=2, kwnames=<optimized out>) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:4968
#13 0x00007f45515a7e52 in call_function (pp_stack=0x7ffc6ee867b8, oparg=<optimized out>, kwnames=<optimized out>) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:4872
#14 0x00007f45515e6faa in _PyEval_EvalFrameDefault (f=<optimized out>, throwflag=<optimized out>) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:3335
#15 0x00007f45515a8e8f in gen_send_ex (closing=0, exc=<optimized out>, arg=0x0, gen=0x7f453af40a98) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Objects/genobject.c:563
#16 gen_iternext (gen=0x7f453af40a98) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Objects/genobject.c:563
#17 0x00007f45515e73e6 in _PyEval_EvalFrameDefault (f=<optimized out>, throwflag=<optimized out>) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:3111
#18 0x00007f45515a8e0f in gen_send_ex (closing=0, exc=<optimized out>, arg=0x0, gen=0x7f453af40b48) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Objects/genobject.c:563
#19 gen_iternext (gen=0x7f453af40b48) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Objects/genobject.c:563
#20 0x00007f45515e73e6 in _PyEval_EvalFrameDefault (f=<optimized out>, throwflag=<optimized out>) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:3111
#21 0x00007f45515397db in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=<optimized out>, args=<optimized out>, argcount=<optimized out>, kwnames=0x0, 
    kwargs=0x55742f2b90f0, kwcount=<optimized out>, kwstep=1, defs=0x7f454df4d5d8, defcount=1, kwdefs=0x0, closure=0x0, name='read_all_repos', qualname='Base.read_all_repos')
    at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:4166
#22 0x00007f45515737d0 in fast_function (func=<optimized out>, stack=0x55742f2b90e0, nargs=2, kwnames=<optimized out>) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:4992
#23 0x00007f45515a7e52 in call_function (pp_stack=0x7ffc6ee86d78, oparg=<optimized out>, kwnames=<optimized out>) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:4872
#24 0x00007f45515e6faa in _PyEval_EvalFrameDefault (f=<optimized out>, throwflag=<optimized out>) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:3335
#25 0x00007f455157361a in _PyFunction_FastCall (globals=<optimized out>, nargs=2, args=<optimized out>, co=<optimized out>)
    at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:4968
#26 fast_function (func=<optimized out>, stack=0x55742eec8768, nargs=2, kwnames=<optimized out>) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:4968
#27 0x00007f45515a7e52 in call_function (pp_stack=0x7ffc6ee86f28, oparg=<optimized out>, kwnames=<optimized out>) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:4872
#28 0x00007f45515e6faa in _PyEval_EvalFrameDefault (f=<optimized out>, throwflag=<optimized out>) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:3335
#29 0x00007f45515397db in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=<optimized out>, args=<optimized out>, argcount=<optimized out>, kwnames=0x0, 
    kwargs=0x55742f052b98, kwcount=<optimized out>, kwstep=1, defs=0x7f453e340f40, defcount=1, kwdefs=0x0, closure=0x0, name='configure', qualname='Cli.configure')
    at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:4166
#30 0x00007f45515737d0 in fast_function (func=<optimized out>, stack=0x55742f052b80, nargs=3, kwnames=<optimized out>) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:4992
#31 0x00007f45515a7e52 in call_function (pp_stack=0x7ffc6ee87208, oparg=<optimized out>, kwnames=<optimized out>) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:4872
#32 0x00007f45515e6faa in _PyEval_EvalFrameDefault (f=<optimized out>, throwflag=<optimized out>) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:3335
#33 0x00007f455157361a in _PyFunction_FastCall (globals=<optimized out>, nargs=4, args=<optimized out>, co=<optimized out>)
    at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:4968
#34 fast_function (func=<optimized out>, stack=0x55742f00ba20, nargs=4, kwnames=<optimized out>) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:4968
--Type <RET> for more, q to quit, c to continue without paging--c
#35 0x00007f45515a7e52 in call_function (pp_stack=0x7ffc6ee873b8, oparg=<optimized out>, kwnames=<optimized out>) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:4872
#36 0x00007f45515e6faa in _PyEval_EvalFrameDefault (f=<optimized out>, throwflag=<optimized out>) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:3335
#37 0x00007f45515397db in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=<optimized out>, args=<optimized out>, argcount=<optimized out>, kwnames=0x0, kwargs=0x55742f004318, kwcount=<optimized out>, kwstep=1, defs=0x7f453dbf08d0, defcount=3, kwdefs=0x0, closure=0x0, name='main', qualname='main') at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:4166
#38 0x00007f45515737d0 in fast_function (func=<optimized out>, stack=0x55742f004310, nargs=1, kwnames=<optimized out>) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:4992
#39 0x00007f45515a7e52 in call_function (pp_stack=0x7ffc6ee87698, oparg=<optimized out>, kwnames=<optimized out>) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:4872
#40 0x00007f45515e6faa in _PyEval_EvalFrameDefault (f=<optimized out>, throwflag=<optimized out>) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:3335
#41 0x00007f45515397db in _PyEval_EvalCodeWithName (_co=<optimized out>, globals=<optimized out>, locals=<optimized out>, args=<optimized out>, argcount=<optimized out>, kwnames=0x7f45504491e8, kwargs=0x55742ec2e0f0, kwcount=<optimized out>, kwstep=1, defs=0x7f453dbf4728, defcount=1, kwdefs=0x0, closure=0x0, name='user_main', qualname='user_main') at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:4166
#42 0x00007f45515737d0 in fast_function (func=<optimized out>, stack=0x55742ec2e0e8, nargs=1, kwnames=<optimized out>) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:4992
#43 0x00007f45515a7e52 in call_function (pp_stack=0x7ffc6ee87980, oparg=<optimized out>, kwnames=<optimized out>) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:4872
#44 0x00007f45515e7f14 in _PyEval_EvalFrameDefault (f=<optimized out>, throwflag=<optimized out>) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:3351
#45 0x00007f45515c10c8 in _PyEval_EvalCodeWithName (qualname=0x0, name=<optimized out>, closure=0x0, kwdefs=0x0, defcount=0, defs=0x0, kwstep=2, kwcount=<optimized out>, kwargs=<optimized out>, kwnames=<optimized out>, argcount=<optimized out>, args=<optimized out>, locals=<optimized out>, globals=<optimized out>, _co=<optimized out>) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:3902
#46 PyEval_EvalCodeEx (_co=<optimized out>, globals=<optimized out>, locals=<optimized out>, args=<optimized out>, argcount=<optimized out>, kws=<optimized out>, kwcount=0, defs=0x0, defcount=0, kwdefs=0x0, closure=0x0) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:4187
#47 0x00007f45515c1f7b in PyEval_EvalCode (co=co@entry=<code at remote 0x7f4551a42540>, globals=globals@entry={'__name__': '__main__', '__doc__': None, '__package__': None, '__loader__': <SourceFileLoader(name='__main__', path='/usr/bin/dnf') at remote 0x7f4551a80898>, '__spec__': None, '__annotations__': {}, '__builtins__': <module at remote 0x7f4551b48638>, '__file__': '/usr/bin/dnf', '__cached__': None, 'unicode_literals': <_Feature(optional=(2, 6, 0, 'alpha', 2), mandatory=(3, 0, 0, 'alpha', 0), compiler_flag=131072) at remote 0x7f45503dfdd8>, 'sys': <module at remote 0x7f4551ad4ef8>, 'suppress_keyboard_interrupt_message': <function at remote 0x7f4551ab1e18>, 'here': '/usr/bin', 'main': <module at remote 0x7f453e32f458>}, locals=locals@entry={'__name__': '__main__', '__doc__': None, '__package__': None, '__loader__': <SourceFileLoader(name='__main__', path='/usr/bin/dnf') at remote 0x7f4551a80898>, '__spec__': None, '__annotations__': {}, '__builtins__': <module at remote 0x7f4551b48638>, '__file__': '/usr/bin/dnf', '__cached__': None, 'unicode_literals': <_Feature(optional=(2, 6, 0, 'alpha', 2), mandatory=(3, 0, 0, 'alpha', 0), compiler_flag=131072) at remote 0x7f45503dfdd8>, 'sys': <module at remote 0x7f4551ad4ef8>, 'suppress_keyboard_interrupt_message': <function at remote 0x7f4551ab1e18>, 'here': '/usr/bin', 'main': <module at remote 0x7f453e32f458>}) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/ceval.c:731
#48 0x00007f4551654282 in run_mod (mod=<optimized out>, filename=<optimized out>, globals={'__name__': '__main__', '__doc__': None, '__package__': None, '__loader__': <SourceFileLoader(name='__main__', path='/usr/bin/dnf') at remote 0x7f4551a80898>, '__spec__': None, '__annotations__': {}, '__builtins__': <module at remote 0x7f4551b48638>, '__file__': '/usr/bin/dnf', '__cached__': None, 'unicode_literals': <_Feature(optional=(2, 6, 0, 'alpha', 2), mandatory=(3, 0, 0, 'alpha', 0), compiler_flag=131072) at remote 0x7f45503dfdd8>, 'sys': <module at remote 0x7f4551ad4ef8>, 'suppress_keyboard_interrupt_message': <function at remote 0x7f4551ab1e18>, 'here': '/usr/bin', 'main': <module at remote 0x7f453e32f458>}, locals={'__name__': '__main__', '__doc__': None, '__package__': None, '__loader__': <SourceFileLoader(name='__main__', path='/usr/bin/dnf') at remote 0x7f4551a80898>, '__spec__': None, '__annotations__': {}, '__builtins__': <module at remote 0x7f4551b48638>, '__file__': '/usr/bin/dnf', '__cached__': None, 'unicode_literals': <_Feature(optional=(2, 6, 0, 'alpha', 2), mandatory=(3, 0, 0, 'alpha', 0), compiler_flag=131072) at remote 0x7f45503dfdd8>, 'sys': <module at remote 0x7f4551ad4ef8>, 'suppress_keyboard_interrupt_message': <function at remote 0x7f4551ab1e18>, 'here': '/usr/bin', 'main': <module at remote 0x7f453e32f458>}, flags=<optimized out>, arena=<optimized out>) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/pythonrun.c:1025
#49 0x00007f4551655477 in PyRun_FileExFlags (fp=0x55742ec21840, filename_str=<optimized out>, start=<optimized out>, globals={'__name__': '__main__', '__doc__': None, '__package__': None, '__loader__': <SourceFileLoader(name='__main__', path='/usr/bin/dnf') at remote 0x7f4551a80898>, '__spec__': None, '__annotations__': {}, '__builtins__': <module at remote 0x7f4551b48638>, '__file__': '/usr/bin/dnf', '__cached__': None, 'unicode_literals': <_Feature(optional=(2, 6, 0, 'alpha', 2), mandatory=(3, 0, 0, 'alpha', 0), compiler_flag=131072) at remote 0x7f45503dfdd8>, 'sys': <module at remote 0x7f4551ad4ef8>, 'suppress_keyboard_interrupt_message': <function at remote 0x7f4551ab1e18>, 'here': '/usr/bin', 'main': <module at remote 0x7f453e32f458>}, locals={'__name__': '__main__', '__doc__': None, '__package__': None, '__loader__': <SourceFileLoader(name='__main__', path='/usr/bin/dnf') at remote 0x7f4551a80898>, '__spec__': None, '__annotations__': {}, '__builtins__': <module at remote 0x7f4551b48638>, '__file__': '/usr/bin/dnf', '__cached__': None, 'unicode_literals': <_Feature(optional=(2, 6, 0, 'alpha', 2), mandatory=(3, 0, 0, 'alpha', 0), compiler_flag=131072) at remote 0x7f45503dfdd8>, 'sys': <module at remote 0x7f4551ad4ef8>, 'suppress_keyboard_interrupt_message': <function at remote 0x7f4551ab1e18>, 'here': '/usr/bin', 'main': <module at remote 0x7f453e32f458>}, closeit=1, flags=0x7ffc6ee87c3c) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/pythonrun.c:978
#50 0x00007f4551656f7f in PyRun_SimpleFileExFlags (fp=0x55742ec21840, filename=<optimized out>, closeit=1, flags=0x7ffc6ee87c3c) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Python/pythonrun.c:419
#51 0x00007f455165807b in run_file (p_cf=0x7ffc6ee87c3c, filename=<optimized out>, fp=0x55742ec21840) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Modules/main.c:344
#52 Py_Main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Modules/main.c:814
#53 0x000055742cce0c68 in main (argc=3, argv=0x7ffc6ee87e48) at /usr/src/debug/python3-3.6.8-15.1.el8.x86_64/Programs/python.c:102

(gdb) f 1
#1  0x00007f454398b921 in SWIG_AsCharPtrAndSize (obj=0x0, obj@entry='/etc/yum.repos.d/team\udcc3_epel.repo', cptr=cptr@entry=0x7ffc6ee86290, psize=psize@entry=0x7ffc6ee86298, 
    alloc=alloc@entry=0x7ffc6ee8628c) at /usr/src/debug/libdnf-0.35.1-9.el8_1.x86_64/build-py3/bindings/python/confPYTHON_wrap.cxx:4821
4821	    PyBytes_AsStringAndSize(obj, &cstr, &len);
(gdb) p *cstr
$1 = 72 'H'
(gdb) p *obj
Cannot access memory at address 0x0

--- Additional comment from marek77 on 2020-02-14 13:25:19 UTC ---

The segfault still happens on Fedora 30, but is fixed on Fedora 31:

$ cat /etc/redhat-release 
Fedora release 30 (Thirty)

$ sudo touch '/etc/yum.repos.d/team'$'\303''_epel.repo'

$ sudo dnf repolist
Segmentation fault (core dumped)

$ rpm -q dnf libdnf
dnf-4.2.11-2.fc30.noarch
libdnf-0.35.5-5.fc30.x86_64

=======================================================================

$ cat /etc/redhat-release
Fedora release 31 (Thirty One)

$ sudo touch '/etc/yum.repos.d/team'$'\303''_epel.repo'

$ sudo dnf repolist
Warning: failed loading '/etc/yum.repos.d/team\udcc3_epel.repo', skipping.

<WORKS OK :) >

$ rpm -q dnf libdnf
dnf-4.2.18-1.fc31.noarch
libdnf-0.43.1-2.fc31.x86_64

--- Additional comment from Pavla Kratochvilova on 2020-02-19 09:55:54 UTC ---

The segfault is not dependent on the version of libdnf/dnf, but rather on the version of swig that is used for libdnf build. When I build the latest version of libdnf on Fedora 30 (with swig-3.0.12-26.fc30.x86_64), dnf segfaults, whereas when I build the latest version of libdnf on Fedora 31 (with swig-4.0.1-3.fc31), dnf doesn't segfault.

I will clone this bug for swig with more details.
Comment 1 Pavla Kratochvilova 2020-02-19 09:59:44 UTC 
I belive this bug is fixed in upstream swig because of the following key change in files that were automatically generated by swig:

Version 3.0.12:

#if !defined(SWIG_PYTHON_STRICT_BYTE_CHAR)
    if (!alloc && cptr) {
        /* We can't allow converting without allocation, since the internal
           representation of string in Python 3 is UCS-2/UCS-4 but we require
           a UTF-8 representation.
           TODO(bhy) More detailed explanation */
        return SWIG_RuntimeError;
    }
    obj = PyUnicode_AsUTF8String(obj);    // Note: This returns NULL if there is an exception raised by codec
    if(alloc) *alloc = SWIG_NEWOBJ;
#endif
    PyBytes_AsStringAndSize(obj, &cstr, &len);    // Note: This crashes if obj is NULL

Version 4.0.1:

#if !defined(SWIG_PYTHON_STRICT_BYTE_CHAR)
    if (!alloc && cptr) {
        /* We can't allow converting without allocation, since the internal
           representation of string in Python 3 is UCS-2/UCS-4 but we require
           a UTF-8 representation.
           TODO(bhy) More detailed explanation */
        return SWIG_RuntimeError;
    }
    obj = PyUnicode_AsUTF8String(obj);
    if (!obj)
      return SWIG_TypeError;    // Note: This fixes the bug.
    if (alloc)
      *alloc = SWIG_NEWOBJ;
#endif
    PyBytes_AsStringAndSize(obj, &cstr, &len);


Similar check after the PyUnicode_AsUTF8String call is on multiple places.
Please let me know what additional information you need.
Comment 3 Jitka Plesnikova 2020-02-19 11:45:24 UTC 
Thank you for the report and your analysis.

It was probably fixed by upstream with the commit

commit b0e29fbdf31bb94b11cb8a7cc830b4a76467afa3
Author: William S Fulton <wsf.uk>
Date:   Mon Dec 4 18:41:55 2017 +0000

    Add missing checks for failures in calls to PyUnicode_AsUTF8String.
    
    Previously a seg fault could occur when passing invalid UTF8 strings (low
    surrogates), eg passing u"\udcff" to the C layer (Python 3).

https://github.com/swig/swig/commit/b0e29fbdf31bb94b11cb8a7cc830b4a76467afa3#diff-ba23eb3671d250e6a62261f19f653dd2

It is easy to backport.
Comment 5 Jitka Plesnikova 2020-02-20 11:12:42 UTC 
Created attachment 1664315 [details]
Backported upstream fix
Comment 11 Jitka Plesnikova 2020-03-24 13:50:47 UTC 
It looks good to me.
Comment 14 Jitka Plesnikova 2020-03-30 11:34:00 UTC 
Created attachment 1674698 [details]
swig file
Comment 15 Jitka Plesnikova 2020-03-30 11:34:48 UTC 
Created attachment 1674699 [details]
test file
Comment 17 Jitka Plesnikova 2020-04-07 11:10:43 UTC 
Fixed in

commit 7050872688c2f985d5fffd058f8230e20ab9d084 (HEAD -> stream-3.0-rhel-8.3.0, origin/stream-3.0-rhel-8.3.0)
Author: Jitka Plesnikova <jplesnik>
Date:   Tue Apr 7 10:40:32 2020 +0200

    Resolves: rhbz #1804625
Comment 24 errata-xmlrpc 2020-11-04 02:32:11 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (swig:3.0 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4633