Issue9236
Created on 2010-07-12 21:07 by skrah, last changed 2022-04-11 14:57 by admin. This issue is now closed.
Messages (1)

msg110140 | Author: Stefan Krah (skrah) * | Date: 2010-07-12 21:07

In test_bytes Valgrind finds two reads with negative array indices.

```
test_bytes
==7341== Invalid read of size 1
==7341==    at 0x4EDA24: fastsearch (fastsearch.h:143)
==7341==    by 0x4F170E: bytearray_find_internal (find.h:42)
==7341==    by 0x4F17BD: bytearray_rindex (bytearrayobject.c:1267)
==7341==    by 0x49DDA0: PyEval_EvalFrameEx (ceval.c:4322)
==7341==    by 0x49FD2A: PyEval_EvalCodeEx (ceval.c:3252)
==7341==    by 0x49D741: PyEval_EvalFrameEx (ceval.c:4108)
==7341==    by 0x49E155: PyEval_EvalFrameEx (ceval.c:4098)
==7341==    by 0x49FD2A: PyEval_EvalCodeEx (ceval.c:3252)
==7341==    by 0x4FE1BE: function_call (funcobject.c:526)
==7341==    by 0x41AE8C: PyObject_Call (abstract.c:2522)
==7341==    by 0x49B9AB: PyEval_EvalFrameEx (ceval.c:4325)
==7341==    by 0x49FD2A: PyEval_EvalCodeEx (ceval.c:3252)
==7341==  Address 0xcfd37df is 1 bytes before a block of size 6 alloc'd
==7341==    at 0x4C2412C: malloc (vg_replace_malloc.c:195)
==7341==    by 0x4C241A6: realloc (vg_replace_malloc.c:476)
==7341==    by 0x4EF441: PyByteArray_Resize (bytearrayobject.c:259)
==7341==    by 0x4F0F8A: bytearray_iconcat (bytearrayobject.c:340)
==7341==    by 0x4F113E: bytearray_init (bytearrayobject.c:810)
==7341==    by 0x468531: type_call (typeobject.c:723)
==7341==    by 0x41AE8C: PyObject_Call (abstract.c:2522)
==7341==    by 0x499129: PyEval_EvalFrameEx (ceval.c:4230)
==7341==    by 0x49E155: PyEval_EvalFrameEx (ceval.c:4098)
==7341==    by 0x49FD2A: PyEval_EvalCodeEx (ceval.c:3252)
==7341==    by 0x4FE1BE: function_call (funcobject.c:526)
==7341==    by 0x41AE8C: PyObject_Call (abstract.c:2522)
==7341==
==7341==
==7341== ---- Attach to debugger ? --- [Return/N/n/Y/y/C/c] ---- y
==7341== starting debugger with cmd: /usr/bin/gdb -nw /proc/7507/fd/1014 7507
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...
Attaching to program: /proc/7507/fd/1014, process 7507
fastsearch (s=0xcfd37e0 "world", n=0, p=0xa0170b4 "worm", m=4, maxcount=<value optimized out>, mode=2) at Objects/stringlib/fastsearch.h:143
143             if (!STRINGLIB_BLOOM(mask, s[i-1]))
(gdb) p i
$1 = 0
==7341==
==7341== Debugger has detached. Valgrind regains control. We continue.
==7341== Invalid read of size 1
==7341==    at 0x4ED9B0: fastsearch (fastsearch.h:149)
==7341==    by 0x4F0938: bytearray_rsplit (split.h:311)
==7341==    by 0x49E6C1: PyEval_EvalFrameEx (ceval.c:4012)
==7341==    by 0x49E155: PyEval_EvalFrameEx (ceval.c:4098)
==7341==    by 0x49FD2A: PyEval_EvalCodeEx (ceval.c:3252)
==7341==    by 0x4FE1BE: function_call (funcobject.c:526)
==7341==    by 0x41AE8C: PyObject_Call (abstract.c:2522)
==7341==    by 0x49B9AB: PyEval_EvalFrameEx (ceval.c:4325)
==7341==    by 0x49FD2A: PyEval_EvalCodeEx (ceval.c:3252)
==7341==    by 0x4FE1BE: function_call (funcobject.c:526)
==7341==    by 0x41AE8C: PyObject_Call (abstract.c:2522)
==7341==    by 0x42237E: instancemethod_call (classobject.c:2578)
==7341==  Address 0xf7c508f is 1 bytes before a block of size 12 alloc'd
==7341==    at 0x4C2412C: malloc (vg_replace_malloc.c:195)
==7341==    by 0x4C241A6: realloc (vg_replace_malloc.c:476)
==7341==    by 0x4EF441: PyByteArray_Resize (bytearrayobject.c:259)
==7341==    by 0x4F0F8A: bytearray_iconcat (bytearrayobject.c:340)
==7341==    by 0x4F113E: bytearray_init (bytearrayobject.c:810)
==7341==    by 0x468531: type_call (typeobject.c:723)
==7341==    by 0x41AE8C: PyObject_Call (abstract.c:2522)
==7341==    by 0x499129: PyEval_EvalFrameEx (ceval.c:4230)
==7341==    by 0x49E155: PyEval_EvalFrameEx (ceval.c:4098)
==7341==    by 0x49FD2A: PyEval_EvalCodeEx (ceval.c:3252)
==7341==    by 0x4FE1BE: function_call (funcobject.c:526)
==7341==    by 0x41AE8C: PyObject_Call (abstract.c:2522)
==7341==
==7341==
==7341== ---- Attach to debugger ? --- [Return/N/n/Y/y/C/c] ---- y
==7341== starting debugger with cmd: /usr/bin/gdb -nw /proc/7534/fd/1014 7534
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...
Attaching to program: /proc/7534/fd/1014, process 7534
fastsearch (s=0xf7c5090 "mississippi", n=0, p=0x9eba16c "ss", m=2, maxcount=-1, mode=2) at Objects/stringlib/fastsearch.h:149
149             if (!STRINGLIB_BLOOM(mask, s[i-1]))
(gdb) p i
$1 = 0
```
History

Date | User | Action | Args |
---|---|---|---|
2022-04-11 14:57:03 | admin | set | github: 53482 |
2010-07-15 22:17:16 | skrah | set | status: open -> closed; resolution: duplicate; superseder: Stringlib fastsearch can read beyond the front of an array; stage: resolved |
2010-07-12 21:29:23 | skrah | set | nosy: + flox |
2010-07-12 21:07:06 | skrah | create |