Message 31750 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	vstinner
Recipients
Date	2007-04-10.19:47:49
SpamBayes Score
Marked as misclassified
Message-id
In-reply-to

Content
Hi, I'm playing with resource.setrlimit(resource.RLIMIT_AS) to limit memory usage during fuzzing tests. It works quite well but Python crashs sometimes (with SEGFAULT). I downloaded Python source code and recompiled it with EXTRA_FLAGS="-g -O0" to find errors. I found three bugs and wrote a patch for all of them. Comments: * Objects/exceptions.c:33: allocation may returns NULL on memory error * Objects/longobject.c:2511: long_divrem() may allocate new long integers but l_divmod() doesn't check that div and mod are not NULL * Objects/object.c:1284: problem with NULL mro. I don't understand how mro works, but I think that the error may be catched when mro is assigned. Problem: where is it done? in Objects/typeobject.c? So don't apply my patch directly: fix for object.c may be wrong.

Hi, I'm playing with resource.setrlimit(resource.RLIMIT_AS) to limit memory usage during fuzzing tests. It works quite well but Python crashs sometimes (with SEGFAULT).

I downloaded Python source code and recompiled it with EXTRA_FLAGS="-g -O0" to find errors. I found three bugs and wrote a patch for all of them.

Comments:
* Objects/exceptions.c:33: allocation may returns NULL on memory error
* Objects/longobject.c:2511: long_divrem() may allocate new long integers but l_divmod() doesn't check that div and mod are not NULL
* Objects/object.c:1284: problem with NULL mro. I don't understand how mro works, but I think that the error may be catched when mro is assigned. Problem: where is it done? in Objects/typeobject.c?

So don't apply my patch directly: fix for object.c may be wrong.

History
Date	User	Action	Args
2007-08-23 14:53:02	admin	link	issue1697916 messages
2007-08-23 14:53:02	admin	create