classification
Title: bytearray.translate(): error in error handling
Type: crash Stage: patch review
Components: Interpreter Core Versions: Python 3.0, Python 3.1, Python 3.2, Python 2.7, Python 2.6
process
Status: closed Resolution: accepted
Dependencies: Superseder:
Assigned To: Nosy List: georg.brandl, haypo
Priority: critical Keywords: patch

Created on 2009-07-22 00:14 by haypo, last changed 2009-07-22 11:57 by georg.brandl. This issue is now closed.

Files
File name Uploaded Description Edit
bytearray-2.patch haypo, 2009-07-22 00:22
Messages (3)
msg90786 - (view) Author: STINNER Victor (haypo) * (Python committer) Date: 2009-07-22 00:14
bytearray.translate() crash if:
 * first argument was converted to a buffer but the buffer length is not 256
bytes
 * first argument is valid, but the second argument can not be converted to a
buffer

The crash occurs because PyBuffer_Release(&vdel) is called whereas vdel
buffer is not initialized.

Example with Python3:

lisa$ ./python
Python 3.2a0 (py3k:74029M, Jul 17 2009, 02:29:48)
[GCC 4.3.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> x=bytearray(b'xyz')
>>> x.translate(b'x', 1)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
ValueError: translation table must be 256 characters long
>>> x.translate(b'x', 1)
Erreur de segmentation

Attached patch fixes the two cases and add an unit test for the first case. As
you can see in the example, it's an Heisenbug :-) (compile in debug bug to get
reproductible crash)
msg90787 - (view) Author: STINNER Victor (haypo) * (Python committer) Date: 2009-07-22 00:22
Oops, my first patch was broken (redefine "test_bin", instead of using a
different method name). The name patch tests both cases (the two crashs).
msg90810 - (view) Author: Georg Brandl (georg.brandl) * (Python committer) Date: 2009-07-22 11:57
Thanks, fixed in r74167.
History
Date User Action Args
2009-07-22 11:57:27georg.brandlsetstatus: open -> closed

nosy: + georg.brandl
messages: + msg90810

resolution: accepted
2009-07-22 00:27:19ezio.melottisetpriority: critical
type: crash
stage: patch review
2009-07-22 00:22:53hayposetfiles: + bytearray-2.patch

messages: + msg90787
2009-07-22 00:22:00hayposetfiles: - bytearray.patch
2009-07-22 00:14:51haypocreate