This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: PyOS_StdioReadline() leaks memory when realloc() fails
Type: resource usage Stage: resolved
Components: Interpreter Core Versions: Python 3.3, Python 3.4
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: christian.heimes, kristjan.jonsson, python-dev, serhiy.storchaka, vstinner
Priority: normal Keywords: patch

Created on 2013-07-05 20:02 by christian.heimes, last changed 2022-04-11 14:57 by admin. This issue is now closed.

Files
File name Uploaded Description Edit
osreadline.patch christian.heimes, 2013-07-05 20:02 review
Pull Requests
URL Status Linked Edit
PR 12334 merged cstratak, 2019-03-14 16:33
Messages (7)
msg192352 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-07-05 20:02 
PyOS_StdioReadline() contains code such as:

   p = (char *)PyMem_REALLOC(p, n + incr);

The code looses its pointer to p when realloc fails and has no chance to free the memory in p.

Also the code sets PyExc_OverflowError when incr > INT_MAX but it doesn't return NULL to signal the error.
msg192959 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2013-07-12 19:10 
A similar issue: #14909.
msg192968 - (view) Author: Kristján Valur Jónsson (kristjan.jonsson) * (Python committer) Date: 2013-07-12 20:24 
Is it sufficient to check incr > INT_MAX to guard against overflow?
msg194532 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2013-08-06 09:03 
The patch can be a little simplified (the "else" keyword is redundant), but in general it LGTM. Let's push.
msg194547 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2013-08-06 14:03 
New changeset 5859a3ec5b7e by Christian Heimes in branch '3.3':
Issue #18368: PyOS_StdioReadline() no longer leaks memory when realloc() fails.
http://hg.python.org/cpython/rev/5859a3ec5b7e

New changeset 6dbc4d6ff31e by Christian Heimes in branch 'default':
Issue #18368: PyOS_StdioReadline() no longer leaks memory when realloc() fails.
http://hg.python.org/cpython/rev/6dbc4d6ff31e
msg194549 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-08-06 14:16 
Serhiy:
Thanks for the review

Kristján:
Yes, it's enough to check for incr > INT_MAX. The buffer size is incremented to a value of <= (2*n)+2 in each round. The start value is 100. The loop is terminated once the buffer size reaches INT_MAX-2.
msg338339 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2019-03-19 10:43 
New changeset d9c6564f90ead067c2e288f01825684821b7a129 by Victor Stinner (stratakis) in branch '2.7':
[2.7] bpo-18368: Fix memory leaks in PyOS_StdioReadline() when realloc() fails (GH-12334)
https://github.com/python/cpython/commit/d9c6564f90ead067c2e288f01825684821b7a129
History
Date User Action Args
2022-04-11 14:57:47adminsetgithub: 62568
2019-03-19 10:43:33vstinnersetmessages: + msg338339
2019-03-14 16:33:29cstrataksetpull_requests: + pull_request12305
2013-08-16 13:03:14christian.heimessetstatus: pending -> closed
2013-08-06 14:16:12christian.heimessetstatus: open -> pending
resolution: fixed
messages: + msg194549

stage: patch review -> resolved
2013-08-06 14:03:46python-devsetnosy: + python-dev
messages: + msg194547
2013-08-06 09:03:26serhiy.storchakasetmessages: + msg194532
2013-07-12 20:24:16kristjan.jonssonsetmessages: + msg192968
2013-07-12 19:10:56serhiy.storchakasetnosy: + kristjan.jonsson, serhiy.storchaka
messages: + msg192959
2013-07-12 18:44:56vstinnersetnosy: + vstinner
2013-07-05 20:02:43christian.heimescreate