[Python-Dev] another dict crasher

[Michael Hudson]

Michael Hudson <mwh@python.net> writes:

> Adapted from a report on comp.lang.python from Wolfgang Lipp:
[snip]
> segfaults both 2.1 and current (well, maybe a day old) CVS.  Haven't
> tried Tim's latest patch, but I don't believe that will make any
> difference.
> 
> It's obvious <wink> what's happening; the dict's resizing inside the
> for loop in dict_repr and the ep pointer is dangling.

Actually this crash was dict_print (I always forget about tp_print...).

It's pretty easy to mend:

*** dictobject.c        Fri Jun  1 13:08:13 2001
--- dictobject.c-fixed  Fri Jun  1 12:59:07 2001
***************
*** 793,795 ****
        any = 0;
!       for (i = 0, ep = mp->ma_table; i < mp->ma_size; i++, ep++) {
                if (ep->me_value != NULL) {
--- 793,796 ----
        any = 0;
!       for (i = 0; i < mp->ma_size; i++) {
!               ep = &mp->ma_table[i];
                if (ep->me_value != NULL) {
***************
*** 833,835 ****
        any = 0;
!       for (i = 0, ep = mp->ma_table; i < mp->ma_size && v; i++, ep++) {
                if (ep->me_value != NULL) {
--- 834,837 ----
        any = 0;
!       for (i = 0; i < mp->ma_size && v; i++) {
!               ep = &mp->ma_table[i];
                if (ep->me_value != NULL) {

I'm not sure this stops still more Machiavellian behaviour from
crashing the interpreter, and you can certainly get items being
printed more than once or not at all.  I'm not sure this last is a
problem; if the user's being this contrary there's only so much we can
do to help him or her.

Cheers,
M.

-- 
  I also feel it essential to note, [...], that Description Logics,
  non-Monotonic Logics, Default Logics and Circumscription Logics 
  can all collectively go suck a cow. Thank you.
              -- http://advogato.org/person/Johnath/diary.html?start=4