classification
Title: io.BytesIO.readinto() segfaults when used on BytesIO object seeked beyond end.
Type: crash Stage:
Components: IO Versions: Python 3.1, Python 3.2, Python 2.7, Python 2.6
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: benjamin.peterson, pitrou, sh
Priority: normal Keywords: patch

Created on 2010-11-20 11:53 by sh, last changed 2010-11-20 17:24 by benjamin.peterson. This issue is now closed.

Files
File name Uploaded Description Edit
bio_readinto_1.patch sh, 2010-11-20 11:53 Bugfix attempt 0
Messages (2)
msg121618 - (view) Author: Sebastian Hagen (sh) Date: 2010-11-20 11:53
io.BytesIO().readinto() does not correctly handle the case of being called on a BytesIO object that has been seeked past the end of its data. It consequently ends up reading into unallocated memory, and (typically?) segfaulting if used in this manner. I've confirmed that this bug exists in the same fashion in 2.6, 2.7, 3.0, 3.1 and 3.2; the following demonstration code works on all of these.

Demonstration:
>>> import io; b = io.BytesIO(b'bytes'); b.seek(42); b.readinto(bytearray(1))
42
Segmentation fault

I'm attaching a simple patch against r32a3:85355 that fixes this problem.
msg121687 - (view) Author: Benjamin Peterson (benjamin.peterson) * (Python committer) Date: 2010-11-20 17:24
r86587
History
Date User Action Args
2010-11-20 17:24:27benjamin.petersonsetstatus: open -> closed

nosy: + benjamin.peterson
messages: + msg121687

resolution: fixed
2010-11-20 14:42:25r.david.murraysetnosy: + pitrou
2010-11-20 11:53:24shcreate