Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pointers point out of array bound in _sre.c #62884

Closed
serhiy-storchaka opened this issue Aug 8, 2013 · 8 comments
Closed

Pointers point out of array bound in _sre.c #62884

serhiy-storchaka opened this issue Aug 8, 2013 · 8 comments
Assignees
@serhiy-storchaka
Labels
topic-regex type-bug An unexpected behavior, bug, or error

Comments

@serhiy-storchaka
Copy link
Member

BPO 18684
Nosy @vstinner, @ezio-melotti, @serhiy-storchaka
Files
  • sre_ptr_out_of_bounds.patch
  • sre_ptr_out_of_bounds_4.patch
    		•

    Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = 'https://github.com/serhiy-storchaka'
closed_at = <Date 2015-07-06.11:30:39.649>
created_at = <Date 2013-08-08.11:56:24.019>
labels = ['expert-regex', 'type-bug']
title = 'Pointers point out of array bound in _sre.c'
updated_at = <Date 2015-07-06.11:30:39.648>
user = 'https://github.com/serhiy-storchaka'

    bugs.python.org fields:

    activity = <Date 2015-07-06.11:30:39.648>
actor = 'serhiy.storchaka'
assignee = 'serhiy.storchaka'
closed = True
closed_date = <Date 2015-07-06.11:30:39.649>
closer = 'serhiy.storchaka'
components = ['Regular Expressions']
creation = <Date 2013-08-08.11:56:24.019>
creator = 'serhiy.storchaka'
dependencies = []
files = ['31197', '38638']
hgrepos = []
issue_num = 18684
keywords = ['patch', 'needs review']
message_count = 8.0
messages = ['194661', '201067', '201463', '238944', '246326', '246338', '246349', '246356']
nosy_count = 7.0
nosy_names = ['vstinner', 'ezio.melotti', 'mrabarnett', 'Arfrever', 'BreamoreBoy', 'python-dev', 'serhiy.storchaka']
pr_nums = []
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'behavior'
url = 'https://bugs.python.org/issue18684'
versions = ['Python 2.7', 'Python 3.4', 'Python 3.5', 'Python 3.6']
    @serhiy-storchaka
    Copy link
    Member Author

    In _sre.c pointers can point out of boundaries of array. This is an undefined behavior and is one of causes of a bug in bpo-17998 (end-ptr can be negative). The proposed patch change code to check if pointers will point out of boundaries before their changing.

    @serhiy-storchaka serhiy-storchaka added topic-regex type-bug An unexpected behavior, bug, or error labels Aug 8, 2013
    @serhiy-storchaka serhiy-storchaka self-assigned this Aug 29, 2013
    @serhiy-storchaka
    Copy link
    Member Author

    Because currently there is no way to test behavior change of this patch (besides rollback a patch committed in bpo-17998) I think that it worth to apply only in 3.4. When the bug will be reproduced we could backport it to maintenance releases.

    @serhiy-storchaka
    Copy link
    Member Author

    Patch updated to tip (the code was changed since bpo-17998). It no more uses division.

    @serhiy-storchaka
    Copy link
    Member Author

    Here is recent patch.

    @serhiy-storchaka
    Copy link
    Member Author

    May be bpo-24566 has a reproducer, but not having Windows I can't test this.

    @BreamoreBoy
    Copy link
    Mannequin

    BreamoreBoy mannequin commented Jul 5, 2015

    The reproducer from bpo-24566 consistently crashed the code. Applied the patch from here and couldn't reproduce the problem. Then ran test_re for both 32 and 64 bit debug and release builds with no problems.

    @serhiy-storchaka
    Copy link
    Member Author

    Thank you Mark.

    @python-dev
    Copy link
    Mannequin

    python-dev mannequin commented Jul 6, 2015

    New changeset 0007031e0452 by Serhiy Storchaka in branch '2.7':
    Issue bpo-18684: Fixed reading out of the buffer in the re module.
    https://hg.python.org/cpython/rev/0007031e0452

    New changeset 389795b7c703 by Serhiy Storchaka in branch '3.4':
    Issue bpo-18684: Fixed reading out of the buffer in the re module.
    https://hg.python.org/cpython/rev/389795b7c703

    New changeset 5adf995d443f by Serhiy Storchaka in branch '3.5':
    Issue bpo-18684: Fixed reading out of the buffer in the re module.
    https://hg.python.org/cpython/rev/5adf995d443f

    New changeset bb9fc884a838 by Serhiy Storchaka in branch 'default':
    Issue bpo-18684: Fixed reading out of the buffer in the re module.
    https://hg.python.org/cpython/rev/bb9fc884a838

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Assignees

    @serhiy-storchaka serhiy-storchaka

    Labels
    topic-regex type-bug An unexpected behavior, bug, or error
    Projects
    None yet
    Milestone
    No milestone
    Development

    No branches or pull requests
    1 participant
    @serhiy-storchaka