[Python-bugs-list] [ python-Bugs-483469 ] crash on unbounded recursion in __del__ .

noreply@sourceforge.net noreply@sourceforge.net
Fri, 23 Nov 2001 18:17:52 -0800


Bugs item #483469, was opened at 2001-11-19 07:49
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=483469&group_id=5470

Category: Python Interpreter Core
Group: Python 2.1.1
Status: Open
Resolution: None
Priority: 4
Submitted By: Dallas T. Johnston (elaias)
Assigned to: Nobody/Anonymous (nobody)
Summary: crash on unbounded recursion in __del__ .

Initial Comment:
do the following.

>>> class C:
...     def __del__(self):
...         c = C()
>>> c = C()
>>> d = range(100) #anything really
>>> c = d
>>> c

Segmentation fault (core dumped)



----------------------------------------------------------------------

>Comment By: Guido van Rossum (gvanrossum)
Date: 2001-11-23 18:17

Message:
Logged In: YES 
user_id=6380

Let's be clear about rexec.  It is currently a pathetic
excuse for security.  It *could* be made safe, and this is
one of the things that would have to be fixed; but there are
so many other places that I don't really care any more
whether this particular core dump gets fixed (at least not
from a security p.o.v.).

It's strange though that even though there's a Python
function at each level, the Python stack limit check doesn't
trigger before C stack overflows. Maybe it would make more
sense to spend some time getting the general stack limit
check more robust. Unfortunately this has to be done
separately for each C compiler and each operating system
variation... :-(

----------------------------------------------------------------------

Comment By: Andrew Bennetts (spiv)
Date: 2001-11-20 06:53

Message:
Logged In: YES 
user_id=50945

I agree that segfaults like this are a problem; this is a
potential security problem because it means that untrusted
code can crash the interpreter, even if you try to use
something like rexec.

----------------------------------------------------------------------

Comment By: Dallas T. Johnston (elaias)
Date: 2001-11-19 09:45

Message:
Logged In: YES 
user_id=109241

Sorry, I thought that this was obvious enough for the person
responsible that I didn't have to explain. Thanks for the
correction though. And I would say that a segfault in any
program is a problem, especially an interpreter.

----------------------------------------------------------------------

Comment By: Tim Peters (tim_one)
Date: 2001-11-19 09:18

Message:
Logged In: YES 
user_id=31435

Well, it's not just "an assignment":  the __del__ creates a 
local instance of C, which is destroyed while __del__ is 
trying to return, which calls __del__ again, which creates 
a local instance of C, which is destroyed while __del__ is 
trying to return, which calls __del__ again, etc etc etc.  
So it's roughly the same as

class C:
    def __str__(self):
        return str(self)

print C()

You get unbounded recursion and eventually the stack blows 
up.  "Don't do that" is the best advice <wink>.  Reduced 
priority accordingly; *maybe* Python can be changed to 
detect the stack overflow and give a "maximum recursion 
depth" exception instead.

----------------------------------------------------------------------

You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=483469&group_id=5470