pyo3 icon indicating copy to clipboard operation
pyo3 copied to clipboard
verified publisher icon PyO3

fix(pymodule): improve safety of PyModule::from_code

Open sxlijin opened this issue 1 year ago • 3 comments

If PyImport_ExecCodeModuleEx is called with an empty filename or module name, references to any Python variables defined in this context may break assumptions in standard library code.

Notably, if inspect.stack() is called while any stack frame holds a reference to a variable declared in this Python snippet, and file_name is empty, then inspect.stack() will throw while trying to resolve the file in which said variable was defined.

The exec builtin handles this by defaulting file_name to <string> and module_name to <module> - these are not the most obvious defaults, but in the spirit of consistency and providing pyo3 users with a safe API, it makes sense for PyModule::from_code to do the same.

Fixes #4769

Thank you for contributing to PyO3!

By submitting these contributions you agree for them to be dual-licensed under PyO3's MIT OR Apache-2.0 license.

Please consider adding the following to your pull request:

  • an entry for this PR in newsfragments - see [https://pyo3.rs/main/contributing.html#documenting-changes]
    • or start the PR title with docs: if this is a docs-only change to skip the check
  • docs to all new functions and / or detail in the guide
  • tests for all new or changed functions

PyO3's CI pipeline will check your pull request, thus make sure you have checked the Contributing.md guidelines. To run most of its tests locally, you can run nox. See nox --list-sessions for a list of supported actions.

sxlijin avatar Dec 06 '24 20:12 sxlijin

Still need to add tests, but I can't build pyo3 on my machine right now (something about ld not being able to resolve py3.10, even though I have it installed on my machine... - will figure this out later)

sxlijin avatar Dec 06 '24 20:12 sxlijin

@sxlijin are you available to add that test and make CI green? I'm not sure why it failed, maybe you just need to rebase on main.

mejrs avatar Apr 13 '25 21:04 mejrs

Ahh sorry! I'm terrible at responding to GH notifications from folks not at my company...

Happy to add tests and update docs. Will put this on my TODO for next week - I have commitments every day this week.

sxlijin avatar Apr 14 '25 22:04 sxlijin

I took the liberty to rebase this and add the missing test and update our examples.

Icxolu avatar Jun 28 '25 21:06 Icxolu

Thank you!! Sorry I dropped the ball on this 😅

sxlijin avatar Jun 30 '25 17:06 sxlijin