[New-bugs-announce] [issue11167] Overflow in unicode_hash

Stefan Krah report at bugs.python.org
Thu Feb 10 10:14:17 CET 2011


New submission from Stefan Krah <stefan-usenet at bytereef.org>:

Due to an integer overflow in unicode_hash, the Python interpreter
crashes if built with -ftrapv:

./configure --with-pydebug CFLAGS="-ftrapv"



Starting program: /home/stefan/svn/py3k/python 
[Thread debugging using libthread_db enabled]

Program received signal SIGABRT, Aborted.
0x00007ffff71e6a75 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64      ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
        in ../nptl/sysdeps/unix/sysv/linux/raise.c
(gdb) bt
#0  0x00007ffff71e6a75 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007ffff71ea5c0 in *__GI_abort () at abort.c:92
#2  0x00000000005e30a0 in __mulvdi3 ()
#3  0x000000000046304b in unicode_hash (self=0x7ffff7fab110) at Objects/unicodeobject.c:7600
#4  0x000000000041a313 in PyObject_Hash (v=0x7ffff7fab110) at Objects/object.c:762
#5  0x00000000005a9093 in PyDict_GetItem (op=0x8be030, key=0x7ffff7fab110) at Objects/dictobject.c:715
#6  0x000000000046d88c in PyUnicode_InternInPlace (p=0x7fffffffdf38) at Objects/unicodeobject.c:10026
#7  0x000000000046da8b in PyUnicode_InternFromString (cp=0x5e7c99 "__len__") at Objects/unicodeobject.c:10065
#8  0x0000000000445eba in init_slotdefs () at Objects/typeobject.c:5801
#9  0x000000000044633b in add_operators (type=0x846400) at Objects/typeobject.c:5955
#10 0x000000000043e950 in PyType_Ready (type=0x846400) at Objects/typeobject.c:3860
#11 0x000000000043e87e in PyType_Ready (type=0x846000) at Objects/typeobject.c:3824
#12 0x000000000041c786 in _Py_ReadyTypes () at Objects/object.c:1513
#13 0x00000000004c99a6 in Py_InitializeEx (install_sigs=1) at Python/pythonrun.c:229
#14 0x00000000004c9d78 in Py_Initialize () at Python/pythonrun.c:321
#15 0x00000000004ead8c in Py_Main (argc=1, argv=0x7ffff7fa9040) at Modules/main.c:597
#16 0x00000000004187cf in main (argc=1, argv=0x7fffffffe3c8) at ./Modules/python.c:59



Breakpoint 1, unicode_hash (self=0x7ffff7fab110) at Objects/unicodeobject.c:7594
7594        if (self->hash != -1)
(gdb) n
7596        len = Py_SIZE(self);
(gdb) n
7597        p = self->str;
(gdb) n
7598        x = *p << 7;
(gdb) n
7599        while (--len >= 0)
(gdb) p x
$1 = 12160
(gdb) n
7600            x = (1000003*x) ^ *p++;
(gdb) n
7599        while (--len >= 0)
(gdb) n
7600            x = (1000003*x) ^ *p++;
(gdb) n
7599        while (--len >= 0)
(gdb) n
7600            x = (1000003*x) ^ *p++;
(gdb) n

Program received signal SIGABRT, Aborted.
0x00007ffff71e6a75 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64      ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
        in ../nptl/sysdeps/unix/sysv/linux/raise.c
(gdb) quit



This might be related to issue #10156 (unicode initialization is
not clearly defined).

----------
components: Interpreter Core
messages: 128270
nosy: georg.brandl, skrah
priority: critical
severity: normal
stage: needs patch
status: open
title: Overflow in unicode_hash
type: crash
versions: Python 3.2

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue11167>
_______________________________________
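
Added example, not part of the report or of CPython's source: the loop seen at lines 7598-7600 of the trace, rerun with a checked 64-bit multiply to find the iteration where -ftrapv aborts, beside the same recurrence in unsigned arithmetic, where wraparound is defined behaviour. Assumptions: ASCII bytes stand in for Py_UNICODE, int64_t stands in for the 64-bit hash type implied by __mulvdi3, the function names are invented here, and __builtin_mul_overflow is a GCC/Clang builtin.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MULT 1000003

/* Signed recurrence from the trace, with every multiply checked.
 * Returns the 1-based iteration whose multiply overflows int64_t
 * (the point where -ftrapv's __mulvdi3 calls abort), or 0 if none does. */
static int first_overflow_step(const char *s)
{
    size_t len = strlen(s);
    int64_t x = (int64_t)(unsigned char)s[0] << 7;   /* x = *p << 7 */
    for (size_t i = 0; i < len; i++) {
        int64_t prod;
        if (__builtin_mul_overflow((int64_t)MULT, x, &prod))
            return (int)i + 1;
        x = prod ^ (unsigned char)s[i];              /* (1000003*x) ^ *p++ */
    }
    return 0;
}

/* Same recurrence in uint64_t: arithmetic is modulo 2^64 by definition,
 * so there is no undefined behaviour and nothing for -ftrapv to trap. */
static uint64_t hash_unsigned(const char *s)
{
    size_t len = strlen(s);
    uint64_t x = (uint64_t)(unsigned char)s[0] << 7;
    for (size_t i = 0; i < len; i++)
        x = (MULT * x) ^ (unsigned char)s[i];
    return x;
}

int main(void)
{
    /* "__len__" is the string being interned in frame #7 of the backtrace. */
    const char *samples[] = { "__len__", "ab", "abc" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-8s signed overflow at step %d, unsigned hash %016llx\n",
               samples[i], first_overflow_step(samples[i]),
               (unsigned long long)hash_unsigned(samples[i]));
    return 0;
}
```

Each multiply scales x by about 10^6, so any string of three or more non-NUL characters overflows a 64-bit signed accumulator on its third step, which is where the gdb session above aborts.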

