[pypy-issue] [issue760] Malicious code object segfaults
lvh
tracker at bugs.pypy.org
Fri Jun 24 23:30:04 CEST 2011
New submission from lvh <_ at lvh.cc>:
PyPy is too susceptible to being talked sternly to.
If I politely (in lowercase) tell it to explode, it will correctly raise
BytecodeCorruption:
import new
new.function(new.code(0, 5, 8, 0, "kaboom", (), (),(), "", "", 0, ""), {})()
However, if I start to yell instead, it segfaults:
new.function(new.code(0, 5, 8, 0, "KABOOM", (), (),(), "", "", 0, ""), {})()
In all seriousness, this is because the ordinals in "kaboom" are too high, and
those bytecode ops don't actually exist. "KABOOM" produces entirely valid
(although nonsensical) bytecode, though. Here's the dis.dis output:
>>> dis.dis(f)
  0           0 INPLACE_LSHIFT
              1 BINARY_XOR
              2 BINARY_OR
              3 INPLACE_OR
              4 INPLACE_OR
              5 INPLACE_AND
The theory is that it is trying to apply the operation to things that should be
on its stack, but there is emphatically nothing there. Explosions ensue.
----------
messages: 2659
nosy: lac, lvh, pypy-issue
priority: bug
status: chatting
title: Malicious code object segfaults
________________________________________
PyPy bug tracker <tracker at bugs.pypy.org>
<https://bugs.pypy.org/issue760>
________________________________________
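
An added example, not part of the original message and not PyPy's own code: a fail-closed stack-depth check over a straight-line code string, which rejects "KABOOM" at offset 0 because INPLACE_LSHIFT finds no operands. The five operator opcodes are the ones in the dis output above, with CPython 2 numbering; LOAD_CONST (100), the HAVE_ARGUMENT threshold (90), and the names check_stack and UnsafeBytecode are assumptions of this example.

```python
# Added example: verify stack depth before a code string is ever executed.
# Opcode numbers follow CPython 2. Jumps are not modelled (straight-line only).
HAVE_ARGUMENT = 90  # opcodes >= 90 carry a 2-byte little-endian argument

# opcode -> (name, operands popped, results pushed)
STACK_EFFECT = {
    65: ("BINARY_XOR", 2, 1),
    66: ("BINARY_OR", 2, 1),
    75: ("INPLACE_LSHIFT", 2, 1),
    77: ("INPLACE_AND", 2, 1),
    79: ("INPLACE_OR", 2, 1),
    100: ("LOAD_CONST", 0, 1),  # assumption: not in the report, added for contrast
}


class UnsafeBytecode(ValueError):
    """The code string could not be proven stack-safe."""


def check_stack(codestring, stacksize, nconsts=0):
    """Return the peak stack depth of `codestring` (bytes) or raise."""
    code = bytearray(codestring)
    depth = peak = i = 0
    while i < len(code):
        op = code[i]
        if op not in STACK_EFFECT:
            # Fail closed: an opcode we cannot model is never let through.
            raise UnsafeBytecode("offset %d: opcode %d is not in the table" % (i, op))
        name, pops, pushes = STACK_EFFECT[op]
        width = 1
        if op >= HAVE_ARGUMENT:  # only LOAD_CONST in this table
            if i + 3 > len(code):
                raise UnsafeBytecode("offset %d: %s argument is truncated" % (i, name))
            arg = code[i + 1] | (code[i + 2] << 8)
            if arg >= nconsts:
                raise UnsafeBytecode("offset %d: constant index %d out of range" % (i, arg))
            width = 3
        if depth < pops:
            raise UnsafeBytecode("offset %d: %s pops %d, stack holds %d"
                                 % (i, name, pops, depth))
        depth += pushes - pops
        if depth > stacksize:
            raise UnsafeBytecode("offset %d: depth %d exceeds stacksize %d"
                                 % (i, depth, stacksize))
        peak = max(peak, depth)
        i += width
    return peak
```

With stacksize 8 as in the report, `check_stack(b"KABOOM", 8)` raises UnsafeBytecode, while two LOAD_CONST instructions followed by BINARY_XOR pass with a peak depth of 2.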