classification
Title: Off by one error in peephole call to find_op on case RETURN_VALUE
Type: crash Stage: resolved
Components: Interpreter Core Versions: Python 3.8, Python 3.7, Python 3.6
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: gregory.p.smith Nosy List: gregory.p.smith, miss-islington, serhiy.storchaka
Priority: normal Keywords: patch

Created on 2018-11-08 21:08 by gregory.p.smith, last changed 2018-11-09 18:06 by gregory.p.smith. This issue is now closed.

Pull Requests
URL Status Linked
PR 10418 merged gregory.p.smith, 2018-11-08 21:16
PR 10421 merged miss-islington, 2018-11-09 01:55
PR 10422 merged gregory.p.smith, 2018-11-09 07:05
Messages (6)
msg329485 - Author: Gregory P. Smith (gregory.p.smith) * (Python committer) Date: 2018-11-08 21:08
An off by one error was introduced to peephole.c by the "off by one error fix" in https://bugs.python.org/issue28517.  Clang's memory sanitizer detects it (msan).

find_op is ultimately called with h == codelen so it accesses one byte out of bounds.

I have a fix, PR coming.
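To make the defect concrete, here is an added C illustration (not CPython's peephole.c and not the fix from PR 10418): a hypothetical find_op over 16-bit code units, first with the unguarded loop the report describes, then with the bound checked before every read, plus a caller modelling the RETURN_VALUE look-ahead that reaches h == codelen when the return is the last instruction. The opcode values and the sample bytecode are chosen for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Added illustration, not CPython's peephole.c. Bytecode is modelled as 16-bit
   units (opcode in the low byte, oparg in the high byte); EXTENDED_ARG is a
   prefix unit that find_op must skip. Opcode values are chosen for the example. */
typedef uint16_t codeunit;
#define OPCODE(u) ((u) & 0xff)
#define EXTENDED_ARG 144
#define RETURN_VALUE 83
#define LOAD_CONST   100

/* The shape of the reported defect: nothing stops the first comparison when
   i == codelen, so codestr[codelen] is read one unit past the buffer (what
   msan flagged). Shown for comparison only; never reached at the end below. */
static size_t find_op_unchecked(const codeunit *codestr, size_t codelen, size_t i)
{
    (void)codelen;
    while (OPCODE(codestr[i]) == EXTENDED_ARG)
        i++;
    return i;
}

/* Hardened find_op: the bound is tested before every dereference, so a caller
   passing i == codelen simply gets codelen back. */
static size_t find_op_checked(const codeunit *codestr, size_t codelen, size_t i)
{
    while (i < codelen && OPCODE(codestr[i]) == EXTENDED_ARG)
        i++;
    return i;
}

/* Models the peephole pass's RETURN_VALUE case: look past the return for the
   next real opcode. Returns it, or -1 when the return is the last unit, which
   is exactly the h == codelen call the issue describes. */
static int op_after_return(const codeunit *codestr, size_t codelen, size_t ret_idx)
{
    size_t h = find_op_checked(codestr, codelen, ret_idx + 1);
    return h < codelen ? OPCODE(codestr[h]) : -1;
}

/* Constructed samples. In the first the return is the final unit; in the second
   an EXTENDED_ARG prefix sits between the return and the next real opcode. */
static const codeunit code_a[] = { LOAD_CONST, RETURN_VALUE };
static const size_t  code_a_len = sizeof code_a / sizeof code_a[0];
static const codeunit code_b[] = { RETURN_VALUE, EXTENDED_ARG, LOAD_CONST };
static const size_t  code_b_len = sizeof code_b / sizeof code_b[0];
```

Running the unchecked variant under a memory sanitizer with i == code_a_len is the reproduction path the report describes; the checked variant returns codelen instead of dereferencing.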
msg329492 - Author: Gregory P. Smith (gregory.p.smith) * (Python committer) Date: 2018-11-09 01:55
New changeset 49fa4a9f1ef387e16596f271414c855339eadf09 by Gregory P. Smith in branch 'master':
bpo-35193: Fix an off by one error in the RETURN_VALUE case. (GH-10418)
https://github.com/python/cpython/commit/49fa4a9f1ef387e16596f271414c855339eadf09
msg329493 - Author: miss-islington (miss-islington) Date: 2018-11-09 02:13
New changeset f16ebcd460aaeb8d6b31db317d22f5ed68afbcc8 by Miss Islington (bot) in branch '3.7':
bpo-35193: Fix an off by one error in the RETURN_VALUE case. (GH-10418)
https://github.com/python/cpython/commit/f16ebcd460aaeb8d6b31db317d22f5ed68afbcc8
msg329499 - Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2018-11-09 07:10
Thank you for catching and fixing this error Gregory!
msg329502 - Author: Gregory P. Smith (gregory.p.smith) * (Python committer) Date: 2018-11-09 07:30
New changeset 65e1a1fd311943866361fcb288c0df65dadbe092 by Gregory P. Smith in branch '3.6':
bpo-35193: Fix an off by one error in the RETURN_VALUE case. (GH-10418) (GH-10422)
https://github.com/python/cpython/commit/65e1a1fd311943866361fcb288c0df65dadbe092
msg329544 - Author: Gregory P. Smith (gregory.p.smith) * (Python committer) Date: 2018-11-09 18:06
I'm working on getting a memory-sanitizer buildbot set up.  I'm so happy it made finding and debugging this relatively easy.
History
Date | User | Action | Args
2018-11-09 18:06:20 | gregory.p.smith | set | status: open -> closed; resolution: fixed; messages: + msg329544; stage: patch review -> resolved
2018-11-09 07:30:41 | gregory.p.smith | set | messages: + msg329502
2018-11-09 07:10:28 | serhiy.storchaka | set | messages: + msg329499
2018-11-09 07:05:58 | gregory.p.smith | set | pull_requests: + pull_request9703
2018-11-09 02:13:20 | miss-islington | set | nosy: + miss-islington; messages: + msg329493
2018-11-09 01:55:26 | miss-islington | set | pull_requests: + pull_request9701
2018-11-09 01:55:12 | gregory.p.smith | set | messages: + msg329492
2018-11-08 21:16:54 | gregory.p.smith | set | keywords: + patch; stage: patch review; pull_requests: + pull_request9698
2018-11-08 21:08:35 | gregory.p.smith | create |