Bug 2370944 - anaconda raises SystemError: buffer overflow on Python 3.14
Summary: anaconda raises SystemError: buffer overflow on Python 3.14
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: anaconda
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
urgent
Target Milestone: ---
Assignee: anaconda-maint
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: PYTHON3.14
TreeView+ depends on / blocked
 
Reported: 2025-06-07 11:11 UTC by Miro Hrončok
Modified: 2025-06-20 16:41 UTC (History)
9 users (show)

Fixed In Version: anaconda-43.22-4.fc43 anaconda-43.24-1.fc43
Clone Of:
Environment:
Last Closed: 2025-06-09 09:48:12 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)
screen from OpenQA (23.61 KB, image/png)
2025-06-07 11:12 UTC, Miro Hrončok 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Fedora Package Sources anaconda pull-request 241 0 None None None 2025-06-07 12:03:09 UTC
Github rhinstaller anaconda pull 6447 0 None open Avoid buffer overflow with TIOCGWINSZ 2025-06-07 12:03:09 UTC

Description Miro Hrončok 2025-06-07 11:11:29 UTC 
There is an OpenQA anaconda test failure with Python 3.14 that manifests like this:

 install_default_update_netinst _boot_to_anaconda

https://openqa.stg.fedoraproject.org/tests/5055781#step/_boot_to_anaconda/5

>>> from pyanaconda.argument_parsing import get_help_width
...
>>> get_help_width()
Traceback (most recent call last):
  File "<python-input-1>", line 1, in <module>
    get_help_width()
    ~~~~~~~~~~~~~~^^
  File "/usr/lib64/python3.14/site-packages/pyanaconda/argument_parsing.py", line 68, in get_help_width
    data = fcntl.ioctl(sys.stdout, termios.TIOCGWINSZ, '1234')
SystemError: buffer overflow


$ python3.13
Python 3.13.3 (main, Apr 22 2025, 00:00:00) [GCC 14.2.1 20250110 (Red Hat 14.2.1-7)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import sys, termios
>>> import sys, termios, fcntl
>>> fcntl.ioctl(sys.stdout, termios.TIOCGWINSZ, "1234")
b'=\x00\xe1\x00'

$ python3.14
Python 3.14.0b2 (main, May 26 2025, 00:00:00) [GCC 14.3.1 20250523 (Red Hat 14.3.1-1)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import sys, termios, fcntl
>>> fcntl.ioctl(sys.stdout, termios.TIOCGWINSZ, "1234")
Traceback (most recent call last):
  File "<python-input-1>", line 1, in <module>
    fcntl.ioctl(sys.stdout, termios.TIOCGWINSZ, "1234")
    ~~~~~~~~~~~^^^^^^^^^^^^^^^^^

This might be a bug in Python.
Comment 1 Miro Hrončok 2025-06-07 11:12:38 UTC 
Created attachment 2093342 [details]
screen from OpenQA
Comment 2 Miro Hrončok 2025-06-07 11:21:51 UTC 
>>> termios.TIOCGWINSZ
21523

This is the same on both.
Comment 3 Miro Hrončok 2025-06-07 11:29:53 UTC 
https://github.com/python/cpython/commit/c2eaeee3dc3306ca486b0377b07b1a957584b691

Try to detect a buffer overflow in fcntl() and ioctl()
Comment 4 Miro Hrončok 2025-06-07 11:40:31 UTC 
This works.

>>> import sys, termios, fcntl, struct
>>> data = fcntl.ioctl(sys.stdout, termios.TIOCGWINSZ, "12345678")
>>> int(struct.unpack('hhhh', data)[1])
225

We need to read 4 shorts, not 2:

struct winsize {
        unsigned short  ws_row;
        unsigned short  ws_col; 
        unsigned short  ws_xpixel;
        unsigned short  ws_ypixel; 
};
Comment 5 Fedora Update System 2025-06-19 13:02:16 UTC 
FEDORA-2025-d33ca319e1 (anaconda-43.24-1.fc43 and anaconda-webui-40-1.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-d33ca319e1
Comment 6 Fedora Update System 2025-06-20 16:41:01 UTC 
FEDORA-2025-d33ca319e1 (anaconda-43.24-1.fc43 and anaconda-webui-40-1.fc43) has been pushed to the Fedora 43 stable repository.
If problem still persists, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.