[Patches] [ python-Patches-756032 ] re reads an uninitialized memory

SourceForge.net noreply@sourceforge.net
Fri, 27 Jun 2003 07:08:05 -0700


Patches item #756032, was opened at 2003-06-17 12:53
Message generated for change (Comment added) made by nnorwitz
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=756032&group_id=5470

Category: Modules
Group: None
Status: Closed
Resolution: Fixed
Priority: 5
Submitted By: atsuo ishimoto (ishimoto)
Assigned to: Gustavo Niemeyer (niemeyer)
Summary: re reads an uninitialized memory

Initial Comment:
With this script, re reads from an address beyond the 
end of the string.

>>> import re
>>> r = re.compile(r"\b1")
>>> print r.search('a', 1)

See assert() in the attached patch to see where 
incorrect memory reading occurs.
This patch looks fix the problem, but I'm not sure this is 
correct answer.


----------------------------------------------------------------------

>Comment By: Neal Norwitz (nnorwitz)
Date: 2003-06-27 10:08

Message:
Logged In: YES 
user_id=33168

Gustavo, can you add a test case as well?  Thanks.

----------------------------------------------------------------------

Comment By: Gustavo Niemeyer (niemeyer)
Date: 2003-06-26 10:47

Message:
Logged In: YES 
user_id=7887

Fixed in Modules/_sre.c:2.99.

Thanks!

----------------------------------------------------------------------

Comment By: Gustavo Niemeyer (niemeyer)
Date: 2003-06-22 16:33

Message:
Logged In: YES 
user_id=7887

Now I can see the problem. The current test doesn't
contemplate a broken ptr/end pair. Your code is addressing
the right problem, but the right way to fix this seems to be
to avoid that branch completely, unless pattern[3] > 1
(unlike the current > 0).

Thank you very much for your patch and your insistence!


----------------------------------------------------------------------

Comment By: atsuo ishimoto (ishimoto)
Date: 2003-06-21 22:14

Message:
Logged In: YES 
user_id=463672

Sorry for my lack of infomation.

While ptr outside the boundaries is legal, but fetching from 
there is
not. One example of problem is using SRE for mmap object. 
This script
causes an application error under my w2k box.

open("tstfile", "wb").write('a'*4096)
import mmap
f = open("tstfile", "rb")
xx = mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ)
import re
r = re.compile(r"\b1")
r.search(xx, len(xx))


----------------------------------------------------------------------

Comment By: Gustavo Niemeyer (niemeyer)
Date: 2003-06-21 19:28

Message:
Logged In: YES 
user_id=7887

Atsuo, can you please describe what problem you're trying to
fix!? In other words, can you provide some code which breaks
SRE?

Your assertion doesn't seem to make sense in this place,
since having ptr outside the boundaries of beginning/end
*is* accepted. Notice how "ptr < state->end" is checked
before using ptr[0].

I'm closing this bug as invalid. If you have something you
belive to prove there's a bug in this place, please reopen
this bug.

Thank you very much for taking the time to fill this bug.


----------------------------------------------------------------------

Comment By: Martin v. Löwis (loewis)
Date: 2003-06-21 09:30

Message:
Logged In: YES 
user_id=21627

Gustavo, can your review this code?

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=756032&group_id=5470