[ python-Bugs-1088891 ] _sre.c references uninitialised memory

SourceForge.net noreply at sourceforge.net
Tue Dec 21 13:37:58 CET 2004

Bugs item #1088891, was opened at 2004-12-21 08:10
Message generated for change (Comment added) made by niemeyer
You can respond by visiting: 

Category: Regular Expressions
Group: Python 2.4
>Status: Closed
>Resolution: Fixed
Priority: 7
Submitted By: Andrew McNamara (andrewmcnamara)
Assigned to: Gustavo Niemeyer (niemeyer)
Summary: _sre.c references uninitialised memory

Initial Comment:
In _sre.c, data_stack_grow(), realloc'ed memory is not initialised 
before use. When complex regexps are used, this results in a core 

Initialising the newly allocated memory to 0x55 and executing an 
offending regexp results in a fatal reference to an address like 

static int
data_stack_grow(SRE_STATE* state, int size)
    int minsize, cursize;
    minsize = state->data_stack_base+size;
    cursize = state->data_stack_size;
    if (cursize < minsize) {
        void* stack;
        cursize = minsize+minsize/4+1024;
        TRACE(("allocate/grow stack %d\n", cursize));
        stack = realloc(state->data_stack, cursize);
        if (!stack) {
            return SRE_ERROR_MEMORY;
        memset(stack+state->data_stack_size, 0x55, cursize-state-
        state->data_stack = stack;
        state->data_stack_size = cursize;
    return 0;


>Comment By: Gustavo Niemeyer (niemeyer)
Date: 2004-12-21 12:37

Logged In: YES 

The real problem is not initializing realloced memory, but acknowledging 
memory reallocation in situations where data may be reallocated outside 
of the main matching function. 
Please, have a look at the bug at http://python.org/sf/1072259 for more 
information and for a patch fixing the problem. 
Thanks for reporting it! 


You can respond by visiting: 

More information about the Python-bugs-list mailing list