fix(time): Handle negative sleep values

RustPython · youknowone · Jul 7, 2025 · Jul 6, 2025 · Jul 6, 2025 · Jul 6, 2025
commit 0e6e6b9ccb177a26d2f53c67c1afa1fb0026716b
diff --git a/vm/src/convert/try_from.rs b/vm/src/convert/try_from.rs
@@ -3,6 +3,7 @@ use crate::{
     builtins::PyFloat,
     object::{AsObject, PyObject, PyObjectRef, PyPayload, PyRef, PyResult},
 };
+use malachite_bigint::Sign;
 use num_traits::ToPrimitive;
 
 /// Implemented by any type that can be created from a Python object.
@@ -124,10 +125,19 @@ impl<'a, T: PyPayload> TryFromBorrowedObject<'a> for &'a Py<T> {
 impl TryFromObject for std::time::Duration {
     fn try_from_object(vm: &VirtualMachine, obj: PyObjectRef) -> PyResult<Self> {
         if let Some(float) = obj.payload::<PyFloat>() {
-            Ok(Self::from_secs_f64(float.to_f64()))
+            let f = float.to_f64();
+            if f < 0.0 {
+                return Err(vm.new_value_error("negative duration"));
+            }
+            Ok(Self::from_secs_f64(f))
         } else if let Some(int) = obj.try_index_opt(vm) {
-            let sec = int?
-                .as_bigint()
+            let int = int?;
+            let bigint = int.as_bigint();
+            if bigint.sign() == Sign::Minus {
+                return Err(vm.new_value_error("negative duration"));
+            }
+
+            let sec = bigint
                 .to_u64()
                 .ok_or_else(|| vm.new_value_error("value out of range"))?;
             Ok(Self::from_secs(sec))

diff --git a/vm/src/stdlib/time.rs b/vm/src/stdlib/time.rs
@@ -90,8 +90,25 @@ mod decl {

     #[cfg(not(unix))]
     #[pyfunction]
-    fn sleep(dur: Duration) {
+    fn sleep(seconds: PyObjectRef, vm: &VirtualMachine) -> PyResult<()> {
+        let dur = seconds.try_into_value::<Duration>(vm).map_err(|e| {
+            if e.class().is(vm.ctx.exceptions.value_error) {
+                // Check if this is a "negative duration" error by examining the args
+                if let Some(args) = e.args().first() {
+                    if let Ok(s) = args.str(vm) {
+                        if s.as_str() == "negative duration" {
+                            return vm.new_value_error("sleep length must be non-negative");
+                        }
+                    }
+                }
+                e
+            } else {
+                e
+            }
+        })?;
+
         std::thread::sleep(dur);
+        Ok(())
     }
 
     #[cfg(not(target_os = "wasi"))]
@@ -525,7 +542,7 @@ mod platform {
     use super::decl::{SEC_TO_NS, US_TO_NS};
     #[cfg_attr(target_os = "macos", allow(unused_imports))]
     use crate::{
-        PyObject, PyRef, PyResult, TryFromBorrowedObject, VirtualMachine,
+        AsObject, PyObject, PyObjectRef, PyRef, PyResult, TryFromBorrowedObject, VirtualMachine,
         builtins::{PyNamespace, PyStrRef},
         convert::IntoPyException,
     };
@@ -691,8 +708,22 @@ mod platform {
     }
 
     #[pyfunction]
-    fn sleep(dur: Duration, vm: &VirtualMachine) -> PyResult<()> {
-        // this is basically std::thread::sleep, but that catches interrupts and we don't want to;
+    fn sleep(seconds: PyObjectRef, vm: &VirtualMachine) -> PyResult<()> {
+        let dur = seconds.try_into_value::<Duration>(vm).map_err(|e| {
+            if e.class().is(vm.ctx.exceptions.value_error) {
+                // Check if this is a "negative duration" error by examining the args
+                if let Some(args) = e.args().first() {
+                    if let Ok(s) = args.str(vm) {
+                        if s.as_str() == "negative duration" {
+                            return vm.new_value_error("sleep length must be non-negative");
+                        }
+                    }
+                }
+                e
+            } else {
+                e
+            }
+        })?;
 
         let ts = TimeSpec::from(dur);
         let res = unsafe { libc::nanosleep(ts.as_ref(), std::ptr::null_mut()) };