[Python-Dev] OpenBSD anyone?

Kurt B. Kaiser kbk at shore.net
Tue Dec 23 10:10:54 EST 2003 

"Tim Peters" <tim.one at comcast.net> writes:

> Hate to say it, but the pointer passed *to* strchr must be insane,
> and that makes it more likely a Python, or platform compiler, bug.

There are two calls to load_next() in import_module_ex().  The
segfault is occuring during the second call.

The code is somewhat pathological in that the callee, load_next(), is
modifying the caller's /parameters/ by changing the contents of name.

For some reason, the compiler emits code which makes a copy of
import_module_ex()'s parameters in the stack frame.  When load_next()
is called, the reference &name is the location in the
parameter area of the frame, but when name is tested in the while
loop, the copy in the local area of the frame is used.  Since this has
not been modified by load_next(), the fact that name has been set to
0x00 is missed.  load_next() gets called erroneously and passes a null
pointer to strchr.

I tried a volatile declaration, but no joy.  Adding a proper local,
mod_name, resolved the problem.
 
-- 
KBK

Index: Python/import.c
===================================================================
RCS file: /cvsroot/python/python/dist/src/Python/import.c,v
retrieving revision 2.225
diff -c -r2.225 import.c
*** Python/import.c	20 Nov 2003 01:44:58 -0000	2.225
--- Python/import.c	23 Dec 2003 14:56:40 -0000
***************
*** 1871,1876 ****
--- 1871,1877 ----
  		 PyObject *fromlist)
  {
  	char buf[MAXPATHLEN+1];
+ 	char *mod_name;
  	int buflen = 0;
  	PyObject *parent, *head, *next, *tail;
  
***************
*** 1878,1891 ****
  	if (parent == NULL)
  		return NULL;
  
! 	head = load_next(parent, Py_None, &name, buf, &buflen);
  	if (head == NULL)
  		return NULL;
  
  	tail = head;
  	Py_INCREF(tail);
! 	while (name) {
! 		next = load_next(tail, tail, &name, buf, &buflen);
  		Py_DECREF(tail);
  		if (next == NULL) {
  			Py_DECREF(head);
--- 1879,1893 ----
  	if (parent == NULL)
  		return NULL;
  
! 	mod_name = name;
! 	head = load_next(parent, Py_None, &mod_name, buf, &buflen);
  	if (head == NULL)
  		return NULL;
  
  	tail = head;
  	Py_INCREF(tail);
! 	while (mod_name) {
! 		next = load_next(tail, tail, &mod_name, buf, &buflen);
  		Py_DECREF(tail);
  		if (next == NULL) {
  			Py_DECREF(head);

More information about the Python-Dev mailing list