[New-bugs-announce] [issue4547] Long jumps with frame_setlineno

fboule report at bugs.python.org
Fri Dec 5 14:05:08 CET 2008


New submission from fboule <fabien.bouleau at ses-engineering.com>:

This concerns a known bug in the frame_setlineno() function for Python
2.5.x and 2.6.x (maybe in earlier/later versions too). It is not possible
to use this function when the address or line offset in lnotab is
greater than 127. The problem comes from the lnotab variable, which is
typed char*, i.e. "signed char*" implicitly. Any value above 127 becomes
a negative number.

The fix is very simple (applied on the Python 2.6.1 version of the
source code):

--- frameobject.c       Thu Oct 02 19:39:50 2008
+++ frameobject_fixed.c Fri Dec 05 11:27:42 2008
@@ -119,8 +119,8 @@
        line = f->f_code->co_firstlineno;
        new_lasti = -1;
        for (offset = 0; offset < lnotab_len; offset += 2) {
-               addr += lnotab[offset];
-               line += lnotab[offset+1];
+               addr += ((unsigned char*)lnotab)[offset];
+               line += ((unsigned char*)lnotab)[offset+1];
                if (line >= new_lineno) {
                        new_lasti = addr;
                        new_lineno = line;
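
Review bot: The cast `(unsigned char*)lnotab` is repeated on both added lines inside the loop, which leaves `lnotab` itself a plain `char*`, so any other read through it would still depend on the platform's char signedness. Prefer converting once, where `lnotab` is obtained, into an `unsigned char *` variable and indexing that in the loop, so the two lines stay `addr += lnotab[offset];` and `line += lnotab[offset+1];` with no cast. A short comment that each lnotab byte is an unsigned increment in the range 0 to 255, and a regression test that jumps across an entry larger than 127, would keep this from coming back; the diff touches only frameobject.c and adds neither.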

----------
components: Interpreter Core
messages: 77013
nosy: fboule
severity: normal
status: open
title: Long jumps with frame_setlineno
type: crash
versions: Python 2.5, Python 2.5.3, Python 2.6

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue4547>
_______________________________________
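
The effect described in the report, as an added example that is not part of the original message or of CPython's source: a stand-alone C walk over a constructed lnotab-style table, read once as unsigned bytes and once as signed bytes. The table contents and the helpers `as_signed_byte` and `find_addr` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample table (not taken from CPython): byte pairs of
 * (address increment, line increment). Two entries exceed 127. */
static const unsigned char SAMPLE_LNOTAB[] = { 6, 1, 200, 1, 10, 130, 8, 1 };
#define SAMPLE_LEN (sizeof SAMPLE_LNOTAB)
#define FIRST_LINE 10

/* Value a byte takes when read through a two's-complement signed char. */
static int as_signed_byte(unsigned char b)
{
    return b > 127 ? (int)b - 256 : (int)b;
}

/* Hypothetical helper: walk the table as the loop in the report does and
 * return the address of the first line >= target, or -1 if none is found.
 * signed_read = 1 models the pre-patch reads, 0 the patched ones. */
static int find_addr(const unsigned char *tab, size_t len,
                     int first_line, int target, int signed_read)
{
    int addr = 0, line = first_line;
    size_t offset;

    for (offset = 0; offset + 1 < len; offset += 2) {
        addr += signed_read ? as_signed_byte(tab[offset]) : tab[offset];
        line += signed_read ? as_signed_byte(tab[offset + 1]) : tab[offset + 1];
        if (line >= target)
            return addr;
    }
    return -1;
}

int main(void)
{
    int targets[] = { 11, 12, 142 };
    size_t i;

    for (i = 0; i < sizeof targets / sizeof targets[0]; i++)
        printf("line %3d: unsigned read -> addr %4d, signed read -> addr %4d\n",
               targets[i],
               find_addr(SAMPLE_LNOTAB, SAMPLE_LEN, FIRST_LINE, targets[i], 0),
               find_addr(SAMPLE_LNOTAB, SAMPLE_LEN, FIRST_LINE, targets[i], 1));
    return 0;
}
```

With signed reads the walk produces a negative address for line 12 and never reaches line 142, while the unsigned reads resolve both.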

