classification
Title: Pointers point out of array bound in _sre.c
Type: behavior Stage: resolved
Components: Regular Expressions Versions: Python 3.6, Python 3.4, Python 3.5, Python 2.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: serhiy.storchaka Nosy List: Arfrever, BreamoreBoy, ezio.melotti, mrabarnett, python-dev, serhiy.storchaka, vstinner
Priority: normal Keywords: needs review, patch

Created on 2013-08-08 11:56 by serhiy.storchaka, last changed 2015-07-06 11:30 by serhiy.storchaka. This issue is now closed.

Files
File name Uploaded
sre_ptr_out_of_bounds.patch serhiy.storchaka, 2013-08-08 11:56
sre_ptr_out_of_bounds_4.patch serhiy.storchaka, 2015-03-22 22:10
Messages (8)
msg194661 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2013-08-08 11:56
In _sre.c, pointers can point outside the boundaries of an array. This is undefined behavior and is one of the causes of a bug in issue17998 (end-ptr can be negative). The proposed patch changes the code to check whether pointers would point out of bounds before changing them.
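The check described in the message above, as an added C example that is not part of the original issue or of CPython's _sre.c. It contrasts a bound test that forms `ptr + count` first with one that compares `count` against the remaining space `end - ptr`; the function names and the sample buffer are hypothetical, and the naive test is modelled on integer addresses so its wrap-around can be observed without undefined behavior.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Naive bound check (hypothetical), modelled on integer addresses. With real
   pointers, merely forming ptr + count beyond end + 1 is undefined. */
static int naive_fits(uintptr_t ptr, uintptr_t end, uintptr_t count)
{
    return ptr + count <= end;          /* wraps around for a huge count */
}

/* Hardened check: compare count with the space that is left.
   Precondition: ptr <= end, both inside (or one past) the same array. */
static int safe_fits(const char *ptr, const char *end, size_t count)
{
    return count <= (size_t)(end - ptr);
}

/* Limit a scan window to at most maxcount elements without ever computing
   a pointer beyond end. */
static const char *clamp_end(const char *ptr, const char *end, size_t maxcount)
{
    if (maxcount < (size_t)(end - ptr))
        return ptr + maxcount;          /* provably inside the array */
    return end;
}

/* Count leading copies of ch, at most maxcount, inside [ptr, end). */
static size_t count_run(const char *ptr, const char *end, char ch, size_t maxcount)
{
    const char *stop = clamp_end(ptr, end, maxcount);
    const char *p = ptr;
    while (p < stop && *p == ch)
        p++;
    return (size_t)(p - ptr);
}

int main(void)
{
    static const char buf[] = "aaaab";  /* constructed sample input */
    const char *end = buf + 5;
    printf("naive accepts huge count: %d\n",
           naive_fits((uintptr_t)buf, (uintptr_t)end, UINTPTR_MAX));
    printf("safe accepts huge count:  %d\n", safe_fits(buf, end, SIZE_MAX));
    printf("run length: %zu\n", count_run(buf, end, 'a', SIZE_MAX));
    return 0;
}
```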
msg201067 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2013-10-23 20:31
Because there is currently no way to test the behavior change of this patch (besides rolling back a patch committed in issue17998), I think it is worth applying only in 3.4. When the bug is reproduced, we could backport it to maintenance releases.
msg201463 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2013-10-27 15:26
Patch updated to tip (the code was changed since issue17998). It no longer uses division.
msg238944 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2015-03-22 22:04
Here is a recent patch.
msg246326 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2015-07-05 17:05
Maybe issue24566 has a reproducer, but not having Windows I can't test this.
msg246338 - (view) Author: Mark Lawrence (BreamoreBoy) * Date: 2015-07-05 21:08
The reproducer from issue24566 consistently crashed the code.  Applied the patch from here and couldn't reproduce the problem.  Then ran test_re for both 32 and 64 bit debug and release builds with no problems.
msg246349 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2015-07-06 05:31
Thank you Mark.
msg246356 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2015-07-06 11:23
New changeset 0007031e0452 by Serhiy Storchaka in branch '2.7':
Issue #18684: Fixed reading out of the buffer in the re module.
https://hg.python.org/cpython/rev/0007031e0452

New changeset 389795b7c703 by Serhiy Storchaka in branch '3.4':
Issue #18684: Fixed reading out of the buffer in the re module.
https://hg.python.org/cpython/rev/389795b7c703

New changeset 5adf995d443f by Serhiy Storchaka in branch '3.5':
Issue #18684: Fixed reading out of the buffer in the re module.
https://hg.python.org/cpython/rev/5adf995d443f

New changeset bb9fc884a838 by Serhiy Storchaka in branch 'default':
Issue #18684: Fixed reading out of the buffer in the re module.
https://hg.python.org/cpython/rev/bb9fc884a838
History
Date User Action Args
2015-07-06 11:30:39 serhiy.storchaka set status: open -> closed
resolution: fixed
stage: commit review -> resolved
2015-07-06 11:23:59 python-dev set nosy: + python-dev
messages: + msg246356
2015-07-06 10:52:21 serhiy.storchaka link issue24566 superseder
2015-07-06 05:31:17 serhiy.storchaka set stage: patch review -> commit review
messages: + msg246349
versions: + Python 2.7, Python 3.4, Python 3.6
2015-07-05 21:08:21 BreamoreBoy set nosy: + BreamoreBoy
messages: + msg246338
2015-07-05 17:05:55 serhiy.storchaka set messages: + msg246326
2015-03-22 22:10:50 serhiy.storchaka set files: + sre_ptr_out_of_bounds_4.patch
2015-03-22 22:10:08 serhiy.storchaka set files: - sre_ptr_out_of_bounds_4.patch
2015-03-22 22:04:23 serhiy.storchaka set files: + sre_ptr_out_of_bounds_4.patch
messages: + msg238944
versions: + Python 3.5, - Python 3.4
2013-10-31 16:15:39 vstinner set nosy: + vstinner
2013-10-27 15:26:24 serhiy.storchaka set messages: + msg201463
2013-10-23 20:32:00 serhiy.storchaka unlink issue18685 dependencies
2013-10-23 20:31:48 serhiy.storchaka set messages: + msg201067
versions: - Python 2.7, Python 3.3
2013-08-29 10:13:50 serhiy.storchaka link issue18685 dependencies
2013-08-29 10:12:38 serhiy.storchaka set keywords: + needs review
assignee: serhiy.storchaka
2013-08-20 05:42:56 Arfrever set nosy: + Arfrever
2013-08-08 11:56:24 serhiy.storchaka create