➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2013-12-03 18:51 by Level, last changed 2022-04-11 14:57 by admin. This issue is now closed.
| Files | ||||
|---|---|---|---|---|
| File name | Uploaded | Description | Edit | |
| fix_segfault_in_bz2_init_non_existent_file.patch | vajrasky, 2013-12-04 04:18 | review | ||
| Messages (8) | |||
|---|---|---|---|
| msg205137 - (view) | Author: Matthew Bergin (Level) | Date: 2013-12-03 18:51 | |
[level@<removed> fuzz]# cat pyfile.py
import bz2
obj = bz2.BZ2File('/tmp/fileName')
obj.__init__("fileName")
obj.__reduce__
[level@<removed> fuzz]# gdb --args python pyfile.py
GNU gdb (GDB) Red Hat Enterprise Linux (7.2-60.el6_4.1)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/python...(no debugging symbols found)...done.
Missing separate debuginfos, use: debuginfo-install python-2.6.6-37.el6_4.i686 python-2.6.6-37.el6_4.x86_64
(gdb) r
Starting program: /usr/bin/python pyfile.py
[Thread debugging using libthread_db enabled]
Traceback (most recent call last):
File "pyfile.py", line 3, in <module>
obj.__init__("fileName")
IOError: [Errno 2] No such file or directory: 'fileName'
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7a98170 in PyFile_DecUseCount () from /usr/lib64/libpython2.6.so.1.0
(gdb)
|
|||
| msg205143 - (view) | Author: Ned Deily (ned.deily) *  |
Date: 2013-12-03 19:56 | |
Sorry, the Python 2.6 series is now officially retired. As of 2.6.9, "All official maintenance for Python 2.6, including security patches, has ended." If you can reproduce the problem with a currently supported version of Python, such as Python 2.7.6 or 3.3.3, please reopen with similar documentation. http://www.python.org/download/releases/2.6.9/ |
|||
| msg205149 - (view) | Author: STINNER Victor (vstinner) * |
Date: 2013-12-03 21:01 | |
I can reproduce the issue with Python 2.7. The problem is that BZ2File.__init__() doesn't reset the object when __init__() is called twice.
For example, the following script fails with "too many open files" error, before the previous file is not called:
---
import bz2
obj = bz2.BZ2File('bla.bz2')
for loop in range(1024*10):
obj.__init__('bla.bz2')
---
By the way, why do you call __init__() twice? Why not creating a new object?
BZ2File was rewritten in pure Python in Python 3.3. Python 3.3+ is not affected by this issue.
|
|||
| msg205151 - (view) | Author: Matthew Bergin (Level) | Date: 2013-12-03 21:04 | |
I was fuzzing the interpreter otherwise it would init itself |
|||
| msg205159 - (view) | Author: Nadeem Vawda (nadeem.vawda) * |
Date: 2013-12-03 21:31 | |
It appears that this *does* affect 2.7 (though not 3.2, 3.3 or 3.4, fortunately):
~/src/cpython/2.7☿ gdb --ex run --args ./python -c 'import bz2; obj = bz2.BZ2File("/dev/null"); obj.__init__("")'
«... snip banner ...»
Starting program: /home.u/nadeem/src/cpython/2.7/./python -c import\ bz2\;\ obj\ =\ bz2.BZ2File\(\"/dev/null\"\)\;\ obj.__init__\(\"\"\)
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Traceback (most recent call last):
File "<string>", line 1, in <module>
IOError: [Errno 2] No such file or directory: ''
Program received signal SIGSEGV, Segmentation fault.
0x0000000000431d3e in PyFile_DecUseCount (fobj=0x0) at Objects/fileobject.c:89
89 fobj->unlocked_count--;
|
|||
| msg205194 - (view) | Author: Vajrasky Kok (vajrasky) * | Date: 2013-12-04 04:18 | |
Here is the preliminary patch. |
|||
| msg205568 - (view) | Author: Roundup Robot (python-dev)  |
Date: 2013-12-08 14:49 | |
New changeset 55a748f6e396 by Nadeem Vawda in branch '2.7': Closes #19878: Fix segfault in bz2 module. http://hg.python.org/cpython/rev/55a748f6e396 |
|||
| msg205834 - (view) | Author: Roundup Robot (python-dev) |
Date: 2013-12-10 16:23 | |
New changeset 3337298f5c75 by Nadeem Vawda in branch '2.7': Skip test for #19878 on Windows. http://hg.python.org/cpython/rev/3337298f5c75 |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:57:54 | admin | set | github: 64077 |
| 2013-12-10 16:23:19 | python-dev | set | messages: + msg205834 |
| 2013-12-08 14:49:31 | python-dev | set | status: open -> closed nosy: + python-dev messages: + msg205568 resolution: fixed stage: needs patch -> resolved |
| 2013-12-04 04:18:53 | vajrasky | set | files:
+ fix_segfault_in_bz2_init_non_existent_file.patch title: bz2.BZ2File.__init__() cannot be called twice -> bz2.BZ2File.__init__() cannot be called twice with non-existent file nosy: + vajrasky messages: + msg205194 keywords: + patch |
| 2013-12-03 21:31:05 | nadeem.vawda | set | nosy:
+ nadeem.vawda messages: + msg205159 assignee: nadeem.vawda stage: needs patch |
| 2013-12-03 21:04:58 | Level | set | messages: + msg205151 |
| 2013-12-03 21:01:56 | vstinner | set | status: closed -> open title: PyFile_DecUseCount() SIGSEGV -> bz2.BZ2File.__init__() cannot be called twice nosy: + vstinner, serhiy.storchaka versions: + Python 2.7, - Python 2.6 messages: + msg205149 resolution: rejected -> (no value) stage: resolved -> (no value) |
| 2013-12-03 19:56:19 | ned.deily | set | status: open -> closed nosy: + ned.deily messages: + msg205143 resolution: rejected stage: resolved |
| 2013-12-03 18:55:03 | Level | set | type: crash |
| 2013-12-03 18:51:08 | Level | create | |