Re: [Python-Dev] another dict crasher
Warning! VERY SICK CODE INDEED ahead! barry@digicool.com (Barry A. Warsaw) writes:
"MH" == Michael Hudson <mwh@python.net> writes:
MH> segfaults both 2.1 and current (well, maybe a day old) CVS. MH> Haven't tried Tim's latest patch, but I don't believe that MH> will make any difference.
That is highly, highly nasty.
Not as nasty as this, though: dict = {} # let's force dict to malloc its table for i in range(1,10): dict[i] = i class Machiavelli: def __repr__(self): dict.clear() print # doesn't crash without this. don't know why return `"machiavelli"` def __hash__(self): return 0 dict[Machiavelli()] = Machiavelli() print dict gives, even with my posted patch to dictobject.c $ ./python crash2.py { Segmentation fault (core dumped) Any ideas what the above code should do? (Other than use the secret PSU website to hire a hitman and shoot whoever wrote the code, I mean). Cheers, M. -- Well, yes. I don't think I'd put something like "penchant for anal play" and "able to wield a buttplug" in a CV unless it was relevant to the gig being applied for... -- Matt McLeod, alt.sysadmin.recovery
I suspect there are many ways to get the dict code to blow up, and always have been. I picked on dict compare a month or so ago mostly because nobody cares how fast that runs except in the == and != cases. Others are a real bitch; for example, the fundamental lookdict function caches dictentry *ep0 = mp->ma_table; at the start as if it were invariant -- but very unlikely sequences of collisions with identical hash codes combined with mutating comparisons can turn that into a bogus pointer. List objects used to have similar vulnerabilities during sorting (where comparison is the *norm*, not a one-in-a-billion freak occurrence), and no amount of slow-the-code paranoia sufficed to plug all conceivable holes. In the end we invented an internal "immutable list type", and replace the list object's type pointer for the duration of the sort (you can still try to mutate a list during a sort, but all the mutating list methods are redirected to raise an exception when you do). The dict code has even more holes and in more places, but they're generally much harder to provoke, so they've gone unnoticed for 10 years. All in all, seemed like a good tradeoff to me <wink>.
participants (2)
-
Michael Hudson -
Tim Peters