gh-148798: fix crash in _interpreters.create on surrogate str in config

rajkripal · rajkripal · commit f54773fa7826 · 2026-04-20T08:02:55.000-07:00
_config_dict_copy_str passed the result of PyUnicode_AsUTF8 straight to strncpy. When the string contained an unpaired surrogate, PyUnicode_AsUTF8 returned NULL and set UnicodeEncodeError, and strncpy dereferenced NULL. Check the return value and propagate the error, mirroring the pattern used at Modules/_interpretersmodule.c:425. Add a regression test alongside the existing gh-126221 case.
diff --git a/Lib/test/test_interpreters/test_api.py b/Lib/test/test_interpreters/test_api.py
@@ -117,6 +117,18 @@ def test_in_main(self):
         # GH-126221: Passing an invalid Unicode character used to cause a SystemError
         self.assertRaises(UnicodeEncodeError, _interpreters.create, '\udc80')
 
+        # A config object with a surrogate in a string field must raise, not crash.
+        class BadConfig:
+            use_main_obmalloc = False
+            allow_fork = False
+            allow_exec = False
+            allow_threads = False
+            allow_daemon_threads = False
+            check_multi_interp_extensions = False
+            own_gil = True
+            gil = 'own\udc80'
+        self.assertRaises(UnicodeEncodeError, _interpreters.create, BadConfig())
+
     def test_in_thread(self):
         lock = threading.Lock()
         interp = None
diff --git a/Misc/NEWS.d/next/Core_and_Builtins/2026-04-20-01-45-00.gh-issue-148798.interpconfig.rst b/Misc/NEWS.d/next/Core_and_Builtins/2026-04-20-01-45-00.gh-issue-148798.interpconfig.rst
@@ -0,0 +1,5 @@
+Fix a crash in :func:`!_interpreters.create` when a config object passes a
+string with an unpaired surrogate as a value (for example ``gil``). The
+internal helper ``_config_dict_copy_str`` now checks the return of
+:c:func:`PyUnicode_AsUTF8` before copying, turning the segfault into a
+:exc:`UnicodeEncodeError`.
diff --git a/Python/interpconfig.c b/Python/interpconfig.c
@@ -133,7 +133,12 @@ _config_dict_copy_str(PyObject *dict, const char *name,
         config_dict_invalid_type(name);
         return -1;
     }
-    strncpy(buf, PyUnicode_AsUTF8(item), bufsize-1);
+    const char *utf8 = PyUnicode_AsUTF8(item);
+    if (utf8 == NULL) {
+        Py_DECREF(item);
+        return -1;
+    }
+    strncpy(buf, utf8, bufsize-1);
     buf[bufsize-1] = '\0';
     Py_DECREF(item);
     return 0;
