Py2.4 _sre uses uninitialised memory (Bug 1088891)

_sre.c, data_stack_grow() in Py2.4 uses realloc()'ed memory without initialising the newly allocated memory. For complex regexps that require additional sre stack space, this ultimately results in a core dump or corrupted heap. Filling the newly allocated memory with 0x55 makes the problem more obvious (dies on a reference to 0x55555558) for me.

See bug ID 1088891: http://sourceforge.net/tracker/index.php?func=detail&aid=1088891&group_id=5470&atid=105470

Can I be the only person who crafts diabolical regexps? Here, have a lend of my brown paper bag...

-- 
Andrew McNamara, Senior Developer, Object Craft
http://www.object-craft.com.au/

Hello Andrew,
> _sre.c, data_stack_grow() in Py2.4 uses realloc()'ed memory without initialising the newly allocated memory. For complex regexps that require additional sre stack space, this ultimately results in a core dump or corrupted heap. Filling the newly allocated memory with 0x55 makes the problem more obvious (dies on a reference to 0x55555558) for me.

As I just reported in the bug, the problem is not initializing the allocated memory, but acknowledging memory reallocation in certain situations where it's reallocated outside of the main matching function. Have a look at the bug at http://python.org/sf/1072259 for more information and for a patch fixing the problem.

Thanks for the report,

-- 
Gustavo Niemeyer
http://niemeyer.net