Issue 35193: Off by one error in peephole call to find_op on case RETURN_VALUE

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/79374

classification

Title:	Off by one error in peephole call to find_op on case RETURN_VALUE
Type:	crash	Stage:	resolved
Components:	Interpreter Core	Versions:	Python 3.8, Python 3.7, Python 3.6

process

Status:	closed	Resolution:	fixed
Dependencies:		Superseder:
Assigned To:	gregory.p.smith	Nosy List:	gregory.p.smith, miss-islington, serhiy.storchaka
Priority:	normal	Keywords:	patch

Created on 2018-11-08 21:08 by gregory.p.smith, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Pull Requests
URL	Status	Linked	Edit
PR 10418	merged	gregory.p.smith, 2018-11-08 21:16
PR 10421	merged	miss-islington, 2018-11-09 01:55
PR 10422	merged	gregory.p.smith, 2018-11-09 07:05

Messages (6)
msg329485 - (view)	Author: Gregory P. Smith (gregory.p.smith) *	Date: 2018-11-08 21:08
An off by one error was introduced to peephole.c by the "off by one error fix" in https://bugs.python.org/issue28517. Clang's memory sanitizer detects it (msan). find_op is ultimately called with h == codelen so it accesses one byte out of bounds. I have a fix, PR coming.
msg329492 - (view)	Author: Gregory P. Smith (gregory.p.smith) *	Date: 2018-11-09 01:55
New changeset 49fa4a9f1ef387e16596f271414c855339eadf09 by Gregory P. Smith in branch 'master': bpo-35193: Fix an off by one error in the RETURN_VALUE case. (GH-10418) https://github.com/python/cpython/commit/49fa4a9f1ef387e16596f271414c855339eadf09
msg329493 - (view)	Author: miss-islington (miss-islington)	Date: 2018-11-09 02:13
New changeset f16ebcd460aaeb8d6b31db317d22f5ed68afbcc8 by Miss Islington (bot) in branch '3.7': bpo-35193: Fix an off by one error in the RETURN_VALUE case. (GH-10418) https://github.com/python/cpython/commit/f16ebcd460aaeb8d6b31db317d22f5ed68afbcc8
msg329499 - (view)	Author: Serhiy Storchaka (serhiy.storchaka) *	Date: 2018-11-09 07:10
Thank you for catching and fixing this error Gregory!
msg329502 - (view)	Author: Gregory P. Smith (gregory.p.smith) *	Date: 2018-11-09 07:30
New changeset 65e1a1fd311943866361fcb288c0df65dadbe092 by Gregory P. Smith in branch '3.6': bpo-35193: Fix an off by one error in the RETURN_VALUE case. (GH-10418) (GH-10422) https://github.com/python/cpython/commit/65e1a1fd311943866361fcb288c0df65dadbe092
msg329544 - (view)	Author: Gregory P. Smith (gregory.p.smith) *	Date: 2018-11-09 18:06
I'm working on getting a memory-sanitizer buildbot setup. I'm so happy it made finding and debugging this relatively easy.

History
Date	User	Action	Args
2022-04-11 14:59:07	admin	set	github: 79374
2018-11-09 18:06:20	gregory.p.smith	set	status: open -> closed resolution: fixed messages: + msg329544 stage: patch review -> resolved
2018-11-09 07:30:41	gregory.p.smith	set	messages: + msg329502
2018-11-09 07:10:28	serhiy.storchaka	set	messages: + msg329499
2018-11-09 07:05:58	gregory.p.smith	set	pull_requests: + pull_request9703
2018-11-09 02:13:20	miss-islington	set	nosy: + miss-islington messages: + msg329493
2018-11-09 01:55:26	miss-islington	set	pull_requests: + pull_request9701
2018-11-09 01:55:12	gregory.p.smith	set	messages: + msg329492
2018-11-08 21:16:54	gregory.p.smith	set	keywords: + patch stage: patch review pull_requests: + pull_request9698
2018-11-08 21:08:35	gregory.p.smith	create