[Python-checkins] cpython (2.7): Added a new crasher that targets mutating the underlying storage of a buffer.
alex.gaynor
python-checkins at python.org
Fri Mar 30 14:45:28 CEST 2012
http://hg.python.org/cpython/rev/5aad56eb471c
changeset: 75996:5aad56eb471c
branch: 2.7
parent: 75987:eda0ae0d2c68
user: Alex Gaynor <alex.gaynor at gmail.com>
date: Fri Mar 30 08:45:25 2012 -0400
summary:
Added a new crasher that targets mutating the underlying storage of a buffer. All work done by Armin Rigo.
files:
Lib/test/crashers/buffer_mutate.py | 30 ++++++++++++++++++
1 files changed, 30 insertions(+), 0 deletions(-)
diff --git a/Lib/test/crashers/buffer_mutate.py b/Lib/test/crashers/buffer_mutate.py
new file mode 100644
--- /dev/null
+++ b/Lib/test/crashers/buffer_mutate.py
@@ -0,0 +1,30 @@
+#
+# The various methods of bufferobject.c (here buffer_subscript()) call
+# get_buf() before calling potentially more Python code (here via
+# PySlice_GetIndicesEx()). But get_buf() already returned a void*
+# pointer. This void* pointer can become invalid if the object
+# underlying the buffer is mutated (here a bytearray object).
+#
+# As usual, please keep in mind that the three "here" in the sentence
+# above are only examples. Each can be changed easily and lead to
+# another crasher.
+#
+# This crashes for me on Linux 32-bits with CPython 2.6 and 2.7
+# with a segmentation fault.
+#
+
+
+class PseudoIndex(object):
+ def __index__(self):
+ for c in "foobar"*n:
+ a.append(c)
+ return n * 4
+
+
+for n in range(1, 100000, 100):
+ a = bytearray("test"*n)
+ buf = buffer(a)
+
+ s = buf[:PseudoIndex():1]
+ #print repr(s)
+ #assert s == "test"*n
--
Repository URL: http://hg.python.org/cpython
More information about the Python-checkins
mailing list