[ python-Bugs-1697916 ] Segfaults on memory error

SourceForge.net noreply at sourceforge.net
Fri May 11 13:08:28 CEST 2007


Bugs item #1697916, was opened at 2007-04-10 19:47
Message generated for change (Comment added) made by gbrandl
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1697916&group_id=5470

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Python Interpreter Core
Group: Python 2.5
>Status: Closed
>Resolution: Fixed
Priority: 6
Private: No
Submitted By: STINNER Victor (haypo)
Assigned to: Georg Brandl (gbrandl)
Summary: Segfaults on memory error

Initial Comment:
Hi, I'm playing with resource.setrlimit(resource.RLIMIT_AS) to limit memory usage during fuzzing tests. It works quite well but Python crashs sometimes (with SEGFAULT).

I downloaded Python source code and recompiled it with EXTRA_FLAGS="-g -O0" to find errors. I found three bugs and wrote a patch for all of them.

Comments:
* Objects/exceptions.c:33: allocation may returns NULL on memory error
* Objects/longobject.c:2511: long_divrem() may allocate new long integers but l_divmod() doesn't check that div and mod are not NULL
* Objects/object.c:1284: problem with NULL mro. I don't understand how mro works, but I think that the error may be catched when mro is assigned. Problem: where is it done? in Objects/typeobject.c?

So don't apply my patch directly: fix for object.c may be wrong.

----------------------------------------------------------------------

>Comment By: Georg Brandl (gbrandl)
Date: 2007-05-11 11:08

Message:
Logged In: YES 
user_id=849994
Originator: NO

Backported in rev 54902.

----------------------------------------------------------------------

Comment By: Georg Brandl (gbrandl)
Date: 2007-04-11 20:11

Message:
Logged In: YES 
user_id=849994
Originator: NO

Reopening until I can backport this to the 2.5 branch.

----------------------------------------------------------------------

Comment By: STINNER Victor (haypo)
Date: 2007-04-11 16:53

Message:
Logged In: YES 
user_id=365388
Originator: YES

Ignore my bug about NULL mro since i'm not able to reproduce it. Thanks
for the 3 other fixes ;-)

----------------------------------------------------------------------

Comment By: Georg Brandl (gbrandl)
Date: 2007-04-11 16:11

Message:
Logged In: YES 
user_id=849994
Originator: NO

Status update: Fixed the first two bugs locally, and a third one
discovered by Victor on #python-dev.

The mro one is unclear -- we've asked him to reproduce it and poke around
in gdb to see why tp_mro is NULL, which it shouldn't be.

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1697916&group_id=5470


More information about the Python-bugs-list mailing list