[New-bugs-announce] [issue9869] long_subtype_new segfault in pure-Python code

Carl Witty report at bugs.python.org
Thu Sep 16 09:51:51 CEST 2010

New submission from Carl Witty <Carl.Witty at gmail.com>:

PyNumber_Long() (and hence long_new()) are willing to return ints, rather than longs.  However, when long_subtype_new() calls long_new(), it casts the result to PyLongObject* without a check.  (Well, there is an assertion, so if assertions are enabled you'd get an assertion failure instead of a potential segmentation fault.)

The attached program segfaults for me; returning smaller numbers than 1000000 sometimes gives bad answers instead of crashing.

components: Interpreter Core
files: python_long_bug.py
messages: 116514
nosy: cwitty
priority: normal
severity: normal
status: open
title: long_subtype_new segfault in pure-Python code
type: crash
versions: Python 2.5, Python 2.6, Python 2.7
Added file: http://bugs.python.org/file18899/python_long_bug.py

