Title: Segfaults on memory error
Type: Stage:
Components: Interpreter Core Versions: Python 2.5
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: georg.brandl Nosy List: georg.brandl, haypo
Priority: high Keywords:

Created on 2007-04-10 19:47 by haypo, last changed 2007-05-11 11:08 by georg.brandl. This issue is now closed.

File name Uploaded Description Edit
python_segfault.patch haypo, 2007-04-10 19:47 Patch for three errors
Messages (5)
msg31750 - (view) Author: STINNER Victor (haypo) * (Python committer) Date: 2007-04-10 19:47
Hi, I'm playing with resource.setrlimit(resource.RLIMIT_AS) to limit memory usage during fuzzing tests. It works quite well but Python crashs sometimes (with SEGFAULT).

I downloaded Python source code and recompiled it with EXTRA_FLAGS="-g -O0" to find errors. I found three bugs and wrote a patch for all of them.

* Objects/exceptions.c:33: allocation may returns NULL on memory error
* Objects/longobject.c:2511: long_divrem() may allocate new long integers but l_divmod() doesn't check that div and mod are not NULL
* Objects/object.c:1284: problem with NULL mro. I don't understand how mro works, but I think that the error may be catched when mro is assigned. Problem: where is it done? in Objects/typeobject.c?

So don't apply my patch directly: fix for object.c may be wrong.
msg31751 - (view) Author: Georg Brandl (georg.brandl) * (Python committer) Date: 2007-04-11 16:11
Status update: Fixed the first two bugs locally, and a third one discovered by Victor on #python-dev.

The mro one is unclear -- we've asked him to reproduce it and poke around in gdb to see why tp_mro is NULL, which it shouldn't be.
msg31752 - (view) Author: STINNER Victor (haypo) * (Python committer) Date: 2007-04-11 16:53
Ignore my bug about NULL mro since i'm not able to reproduce it. Thanks for the 3 other fixes ;-)
msg31753 - (view) Author: Georg Brandl (georg.brandl) * (Python committer) Date: 2007-04-11 20:11
Reopening until I can backport this to the 2.5 branch.
msg31754 - (view) Author: Georg Brandl (georg.brandl) * (Python committer) Date: 2007-05-11 11:08
Backported in rev 54902.
Date User Action Args
2007-04-10 19:47:49haypocreate