classification
Title: Segfault in sha1
Type: crash Stage:
Components: Interpreter Core Versions: Python 3.0
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: loewis, mgiuca
Priority: normal Keywords: patch

Created on 2008-08-15 02:39 by mgiuca, last changed 2008-08-15 06:29 by loewis. This issue is now closed.

Files
File name Uploaded Description Edit
sha1.patch mgiuca, 2008-08-15 02:39
Messages (2)
msg71157 - (view) Author: Matt Giuca (mgiuca) Date: 2008-08-15 02:39
Continuing the discussion from Issue 3552
(http://bugs.python.org/issue3552).

r65676 makes changes to Modules/md5module.c and Modules/sha1module.c, to
allow them to read mutable buffers.

There's a segfault in sha1module if given 0 arguments. eg:

>>> import _sha1
>>> _sha1.sha1()
Segmentation fault

Docs here suggest this should be OK:
http://docs.python.org/dev/3.0/library/hashlib.html

This crashes on the Lib/test/test_hmac.py test case, but apparently
(according to Margin on issue 3552) none of the build bots see it
because they use libopenssl and completely bypass the _md5 and _sha1
modules. Also there are no direct test cases for either of these modules.

This is because new code in r65676 doesn't initialise a pointer to NULL.
Fixed in patch (as well as replaced tab with spaces for consistency, in
both modules).

I strongly recommend that a) A "build bot" be made to use _md5 and _sha1
instead of OpenSSL (or they aren't running that code at all), AND/OR b)
Direct test cases be written for _md5 and _sha1.

Commit log:

Fixed crash on _sha1.sha1(), with no arguments, due to not initialising
pointer.

Normalised indentation in md5module.c and sha1module.c.
msg71163 - (view) Author: Martin v. Löwis (loewis) * (Python committer) Date: 2008-08-15 06:29
Thanks for the report. Fixed in r65690.
History
Date User Action Args
2008-08-15 06:29:15loewissetstatus: open -> closed
resolution: fixed
messages: + msg71163
nosy: + loewis
2008-08-15 02:39:34mgiucacreate