[New-bugs-announce] [issue29700] readline memory corruption when sys.stdin fd >= FD_SETSIZE for select()

Gregory P. Smith report at bugs.python.org
Thu Mar 2 14:48:15 EST 2017


New submission from Gregory P. Smith:

The readline module causes memory corruption (sometimes a crash) when the sys.stdin file descriptor is out of bounds for its FD_SET() call within readline.c's readline_until_enter_or_signal() function.

https://github.com/python/cpython/blob/master/Modules/readline.c#L1228

A tiny program reproducing this problem is attached.

FD_SET should not be used if the file descriptor is too large for use in select() (i.e., >= FD_SETSIZE). OTOH, we should probably just ditch select() entirely and use poll() here so that this issue does not exist.

On Python 2.7-3.6 we probably need to preserve both select and poll options for platform compatibility reasons since those shipped that way.

For Python 3.7 I suggest we stop supporting platforms that do not have poll() unless anyone knows of any that actually exist.

----------
components: Extension Modules
files: crash_readline_fdset.py
messages: 288825
nosy: gregory.p.smith
priority: normal
severity: normal
stage: needs patch
status: open
title: readline memory corruption when sys.stdin fd >= FD_SETSIZE for select()
type: crash
versions: Python 2.7, Python 3.5, Python 3.6, Python 3.7
Added file: http://bugs.python.org/file46689/crash_readline_fdset.py

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue29700>
_______________________________________
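
The two mitigations named in the report, shown side by side as an added example (not code from the report or from CPython's readline.c): a select() wait that rejects descriptors at or above FD_SETSIZE, and a poll() wait that has no such ceiling. The helper names `select_readable` and `poll_readable` are hypothetical, and the pipe input is constructed for the demonstration.

```c
#include <errno.h>
#include <poll.h>
#include <sys/select.h>
#include <unistd.h>

/* Hypothetical helper (not from readline.c): select()-based wait that
 * refuses descriptors an fd_set cannot represent. FD_SET() on such an fd
 * writes outside the fd_set, which is the corruption reported above. */
int select_readable(int fd, int timeout_ms)
{
    fd_set rfds;
    struct timeval tv;

    if (fd < 0 || fd >= FD_SETSIZE) {
        errno = EINVAL;          /* fail closed instead of corrupting memory */
        return -1;
    }
    FD_ZERO(&rfds);
    FD_SET(fd, &rfds);
    tv.tv_sec = timeout_ms / 1000;
    tv.tv_usec = (timeout_ms % 1000) * 1000;
    return select(fd + 1, &rfds, NULL, NULL, &tv);  /* 1 ready, 0 timeout, -1 error */
}

/* Hypothetical helper: poll()-based wait. struct pollfd stores the fd as a
 * plain int, so there is no FD_SETSIZE ceiling. */
int poll_readable(int fd, int timeout_ms)
{
    struct pollfd pfd = { .fd = fd, .events = POLLIN, .revents = 0 };
    int n = poll(&pfd, 1, timeout_ms);

    if (n > 0 && (pfd.revents & POLLNVAL)) {
        errno = EBADF;           /* fd is not open */
        return -1;
    }
    return n;                    /* 1 ready, 0 timeout, -1 error */
}

int main(void)
{
    int p[2];
    if (pipe(p) != 0) return 1;
    if (write(p[1], "x", 1) != 1) return 1;   /* constructed input: one byte */
    /* Both agree on a small fd; only poll_readable is usable at >= FD_SETSIZE. */
    int ok = select_readable(p[0], 0) == 1 && poll_readable(p[0], 0) == 1
          && select_readable(FD_SETSIZE, 0) == -1 && errno == EINVAL;
    return ok ? 0 : 1;
}
```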

