[Python-bugs-list] [ python-Bugs-618623 ] list(xrange(sys.maxint/4)) again

noreply@sourceforge.net
Thu, 10 Oct 2002 12:46:12 -0700


Bugs item #618623, was opened at 2002-10-04 12:02
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=618623&group_id=5470

Category: Python Interpreter Core
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Armin Rigo (arigo)
Assigned to: Guido van Rossum (gvanrossum)
Summary: list(xrange(sys.maxint/4)) again

Initial Comment:
SF bug #556025 triggers again in the latest 2.2 branch:

>>> list(xrange(sys.maxint/4))
Segmentation fault (core dumped)

on my Linux box.

----------------------------------------------------------------------

>Comment By: Tim Peters (tim_one)
Date: 2002-10-10 15:46

Message:
Logged In: YES 
user_id=31435

Note that the original problem here (the test_b1 
segfault) "should have been" fixed, in 2.2.2 and 2.3, by a 
change to the test made yesterday.

----------------------------------------------------------------------

Comment By: Armin Rigo (arigo)
Date: 2002-10-05 19:51

Message:
Logged In: YES 
user_id=4771

Hunting all overflow bugs seems like a long-term project
:-)  I can go along the source and submit patches as I find
them, but at some point we will need a policy, like a common
set of overflow-checking macros to compute the size of the
memory to allocate or resize.

Just for the fun, a couple more bugs:

>>> '%2147483647d' % -123
Segmentation fault
>>> 1L<<2147483647
SystemError: NULL object passed to PyObject_InitVar

----------------------------------------------------------------------

Comment By: Martin v. Löwis (loewis)
Date: 2002-10-05 17:07

Message:
Logged In: YES 
user_id=21627

Good. I suggest we take no action for 2.2. For the other
bugs you found, would you like to propose a patch?

----------------------------------------------------------------------

Comment By: Armin Rigo (arigo)
Date: 2002-10-05 09:41

Message:
Logged In: YES 
user_id=4771

Right, the bug doesn't show up on my SuSE 7 either, but only
on an old Mandrake box.  I found out that it is caused by a
bug in malloc().  Any malloc(n) with n greater than
(1<<31)-12 will pretend it succeeded, but actually only
allocate a few bytes, hence the immediately following
segmentation fault.  As it seems to be fixed in recent
versions of the libc I suggest ignoring this problem.

However, there are other overflow bugs in listobject.c which
are not malloc()'s fault.  Would you like me to go over the
whole code in detail and submit a patch?  Here are a couple
of examples:

>>> (sys.maxint/16+1) * range(16)
SystemError: Objects/listobject.c:63: bad argument to internal function
>>> (sys.maxint/2+1) * range(16)
Segmentation fault (core dumped)


----------------------------------------------------------------------
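The two list-repeat failures Armin shows above, and the common overflow-checking
helpers for allocation sizes he asks for in his later comment, as an added
example (not CPython's own code from any version). `MODEL_MAXINT`, `mul_checked`,
`repeat_nbytes`, `malloc_array_checked` and `naive_repeat_nelems32` are names
chosen for this example; the 2147483647 limit and 4-byte pointer size model the
32-bit box in the report, so the arithmetic stays visible on a 64-bit host.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Models the 32-bit signed `int` that held list sizes in 2002 (sys.maxint
   on the reporter's machine). Hypothetical constant for this example. */
#define MODEL_MAXINT 2147483647ULL

/* Checked multiply against an explicit upper bound.
   Returns 0 and stores a*b in *out if a*b <= limit, otherwise -1 and
   leaves *out untouched. The division form never computes the product
   before knowing it fits, so it does not rely on wraparound behaviour. */
static int mul_checked(uint64_t a, uint64_t b, uint64_t limit, uint64_t *out)
{
    if (b != 0 && a > limit / b)
        return -1;
    *out = a * b;
    return 0;
}

/* Byte count for `n * seq`, where seq has `len` elements of `elemsize`
   bytes. List repeat does two multiplications, element count and then
   allocation size, and either one can overflow; both are checked here. */
static int repeat_nbytes(uint64_t n, uint64_t len, uint64_t elemsize,
                         uint64_t limit, uint64_t *nbytes)
{
    uint64_t nelems;
    if (mul_checked(n, len, limit, &nelems) != 0)
        return -1;                     /* (sys.maxint/16+1) * range(16) fails here */
    return mul_checked(nelems, elemsize, limit, nbytes);   /* count fits, bytes do not */
}

/* Allocation wrapper with the check folded in, bounded by the real size_t.
   Returns NULL on overflow as well as on malloc failure, so callers have a
   single failure path. */
static void *malloc_array_checked(size_t nelems, size_t elemsize)
{
    uint64_t nbytes;
    if (mul_checked(nelems, elemsize, SIZE_MAX, &nbytes) != 0)
        return NULL;
    return malloc((size_t)nbytes);
}

/* What the unchecked code computed, in 32-bit unsigned arithmetic (well
   defined wraparound, standing in for the signed int overflow).
   (sys.maxint/16+1)*16 yields 0x80000000, negative as an int, which the
   size < 0 check in PyList_New rejects with SystemError;
   (sys.maxint/2+1)*16 wraps all the way to 0, passes that check, and the
   copy loop then writes past the allocation: the segfault. */
static uint32_t naive_repeat_nelems32(uint32_t n, uint32_t len)
{
    return n * len;
}

int main(void)
{
    uint64_t nbytes = 0;
    int rc;

    rc = repeat_nbytes(134217728ULL, 16ULL, 4ULL, MODEL_MAXINT, &nbytes);
    printf("(maxint/16+1) * range(16): checked rc=%d, naive count=0x%08x\n",
           rc, naive_repeat_nelems32(134217728u, 16u));

    rc = repeat_nbytes(1073741824ULL, 16ULL, 4ULL, MODEL_MAXINT, &nbytes);
    printf("(maxint/2+1) * range(16):  checked rc=%d, naive count=0x%08x\n",
           rc, naive_repeat_nelems32(1073741824u, 16u));

    /* list(xrange(maxint/4)): the count fits, and so do the bytes, which is
       exactly why a malloc() that lies about large requests could still bite. */
    rc = repeat_nbytes(1ULL, 536870911ULL, 4ULL, MODEL_MAXINT, &nbytes);
    printf("list(xrange(maxint/4)):    checked rc=%d, nbytes=%llu\n",
           rc, (unsigned long long)nbytes);

    void *p = malloc_array_checked(SIZE_MAX / 2, 4);
    printf("malloc_array_checked(SIZE_MAX/2, 4) -> %s\n", p ? "ptr" : "NULL");
    free(p);
    return 0;
}
```

The division form of the check is the one to standardise on: it works for any
integer width, it makes the bound explicit (the container's size type, not the
platform's), and it fails before any arithmetic wraps, so the result is either a
safe size or a clean error, never a small allocation followed by a long write.

----------------------------------------------------------------------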

Comment By: Martin v. Löwis (loewis)
Date: 2002-10-05 05:57

Message:
Logged In: YES 
user_id=21627

I can't reproduce this on SuSE 8.1. Can you analyse this in
more detail?

----------------------------------------------------------------------
