[Python-bugs-list] [ python-Bugs-483469 ] crash on unbounded recursion in __del__ .
noreply@sourceforge.net
noreply@sourceforge.net
Tue, 27 Nov 2001 13:00:09 -0800
Bugs item #483469, was opened at 2001-11-19 07:49
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=483469&group_id=5470
Category: Python Interpreter Core
Group: Python 2.1.1
Status: Open
Resolution: None
Priority: 4
Submitted By: te (elaias)
>Assigned to: Tim Peters (tim_one)
Summary: crash on unbounded recursion in __del__ .
Initial Comment:
do the following.
>>> class C:
... def __del__(self):
... c = C()
>>> c = C()
>>> d = range(100) #anything really
>>> c = d
>>> c
Segmentation fault (core dumped)
----------------------------------------------------------------------
>Comment By: Tim Peters (tim_one)
Date: 2001-11-27 13:00
Message:
Logged In: YES
user_id=31435
Assigned to me (to figure out why the Python-level
recursion check isn't triggering, not to tumble into the
bottomless "outguess all C runtimes" pit).
----------------------------------------------------------------------
Comment By: Guido van Rossum (gvanrossum)
Date: 2001-11-23 18:17
Message:
Logged In: YES
user_id=6380
Let's be clear about rexec. It is currently a pathetic
excuse for security. It *could* be made safe, and this is
one of the things that would have to be fixed; but there are
so many other places that I don't really care any more
whether this particular core dump gets fixed (at least not
from a security p.o.v.).
It's strange though that even though there's a Python
function at each level, the Python stack limit check doesn't
trigger before C stack overflows. Maybe it would make more
sense to spend some time getting the general stack limit
check more robust. Unfortunately this has to be done
separately for each C compiler and each operating system
variation... :-(
----------------------------------------------------------------------
Comment By: Andrew Bennetts (spiv)
Date: 2001-11-20 06:53
Message:
Logged In: YES
user_id=50945
I agree that segfaults like this are a problem; this is a
potential security problem because it means that untrusted
code can crash the interpreter, even if you try to use
something like rexec.
----------------------------------------------------------------------
Comment By: te (elaias)
Date: 2001-11-19 09:45
Message:
Logged In: YES
user_id=109241
Sorry, I thought that this was obvious enough for the person
responsible that I didn't have to explain. Thanks for the
correction though. And I would say that a segfault in any
program is a problem, especially an interpreter.
----------------------------------------------------------------------
Comment By: Tim Peters (tim_one)
Date: 2001-11-19 09:18
Message:
Logged In: YES
user_id=31435
Well, it's not just "an assignment": the __del__ creates a
local instance of C, which is destroyed while __del__ is
trying to return, which calls __del__ again, which creates
a local instance of C, which is destroyed while __del__ is
trying to return, which calls __del__ again, etc etc etc.
So it's roughly the same as
class C:
def __str__(self):
return str(self)
print C()
You get unbounded recursion and eventually the stack blows
up. "Don't do that" is the best advice <wink>. Reduced
priority accordingly; *maybe* Python can be changed to
detect the stack overflow and give a "maximum recursion
depth" exception instead.
----------------------------------------------------------------------
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=483469&group_id=5470