[issue29700] readline memory corruption when sys.stdin fd >= FD_SETSIZE for select()

Marien Zwart report at bugs.python.org
Mon Mar 6 08:04:48 EST 2017


Marien Zwart added the comment:

On Python 3, crash_readline_fdset.py does not crash for me, because its input() contains a check documented as:

       /* We should only use (GNU) readline if Python's sys.stdin and
          sys.stdout are the same as C's stdin and stdout, because we
          need to pass it those. */

and calls sys.stdin.getline() instead.

I don't understand why this was added (eba769657a32cb08d96f021f40c79a54ade0bffc's commit message "Make input9) behave properly with the new I/O library" does not explain it).

PyOS_Readline does still take sys_stdin and sys_stdout arguments, but the only callers in CPython itself pass the actual stdin and stdout. Not sure if it's still worth fixing (maybe just turn it from a crash into an error if the fd is too high, but don't add an alternative implementation?).

On Python 2, I can fix it, but then I hit the same problem in readline itself (http://git.savannah.gnu.org/cgit/readline.git/tree/input.c#n518).

So I suppose the next step is reporting it there, and see if they're interested in fixing it (looks like readline isn't currently using anything more fancy than select() and pselect(), and there's a few more calls to those that would probably also need fixing...). Doesn't seem useful to fix it here first.

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue29700>
_______________________________________
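
The "turn it from a crash into an error if the fd is too high" option raised in the comment above, as an added example that is not part of the original message and is not CPython or readline code. `wait_readable_checked` and `demo_pipe` are hypothetical names, and returning `EINVAL` is this example's choice.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

/* Hypothetical helper: wait until fd is readable, refusing descriptors
   that do not fit in an fd_set instead of corrupting memory. */
int wait_readable_checked(int fd, long timeout_ms)
{
    fd_set readfds;
    struct timeval tv;

    /* FD_SET() on fd >= FD_SETSIZE writes past the end of the fd_set
       bitmap, so reject such descriptors before touching the set. */
    if (fd < 0 || fd >= FD_SETSIZE) {
        errno = EINVAL;   /* error code chosen for this example */
        return -1;
    }
    FD_ZERO(&readfds);
    FD_SET(fd, &readfds);
    tv.tv_sec = timeout_ms / 1000;
    tv.tv_usec = (timeout_ms % 1000) * 1000;
    /* select() returns 1 if readable, 0 on timeout, -1 on error */
    return select(fd + 1, &readfds, NULL, NULL, &tv);
}

/* Constructed input: a pipe holding nbytes bytes. Returns the result of
   the checked wait on its read end, or -2 if the setup itself failed. */
int demo_pipe(int nbytes)
{
    int p[2], rc = 0, i;
    if (pipe(p) != 0)
        return -2;
    for (i = 0; i < nbytes && rc == 0; i++)
        if (write(p[1], "x", 1) != 1)
            rc = -2;
    if (rc == 0)
        rc = wait_readable_checked(p[0], 0);
    close(p[0]);
    close(p[1]);
    return rc;
}

int main(void)
{
    printf("pipe with data: %d\n", demo_pipe(1));
    printf("empty pipe:     %d\n", demo_pipe(0));
    printf("fd=FD_SETSIZE:  %d\n", wait_readable_checked(FD_SETSIZE, 0));
    return 0;
}
```

The out-of-range case is exercised with the bare number `FD_SETSIZE` because the check runs before any system call, so no descriptor that high has to be open.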

