[New-bugs-announce] [issue2629] _Py_ForgetReference crash when called from _PyUnicode_New on MemoryError
Gregory P. Smith
report at bugs.python.org
Mon Apr 14 04:56:09 CEST 2008
New submission from Gregory P. Smith <greg at krypto.org>:
In _PyUnicode_New() a unicode object is taken from the freelist but if
the unicode_resize() call fails and returns -1, the goto onerror calls
_Py_ForgetReference on the unicode object... But it has NULL _ob_prev
and _ob_next values causing a crash when they're used.
How to reproduce:
* Make a 32-bit --with-pydebug build of Python trunk.
* Run it on a machine with lots of ram (at least 3gigs recommended, or
lots of swap and a heap of patience):
./python
Python 2.6a2+ (trunk:62336M, Apr 13 2008, 18:51:30)
>>> msg = 'A'*2000111222
>>> x = msg.decode('utf8')
It segmentation faults in _Py_ForgetReference.
----------
messages: 65456
nosy: gregory.p.smith
severity: normal
status: open
title: _Py_ForgetReference crash when called from _PyUnicode_New on MemoryError
type: crash
versions: Python 2.6
__________________________________
Tracker <report at bugs.python.org>
<http://bugs.python.org/issue2629>
__________________________________
More information about the New-bugs-announce
mailing list