New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Segfault with nonsensical random state #68808
Comments
While trying to find a possible cause for bpo-24546, I came across this Python 3.6.0a0 (default:02b81a82a57d, Jul 12 2015, 20:33:44)
[GCC 4.8.4] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import random
>>> s = (3, (999999999999999,)*625, None)
>>> random.setstate(s)
>>> random.choice([1,2,3,4,5])
Segmentation fault (core dumped) |
Can't reproduce on 32-bit. |
I think it's just a matter of checking for self->index <= N in setstate(). |
But I can reproduce the crash with other example. import random
random.setstate((3, (1,)*624+(-10**9,), None))
random.random() The index attribute can be set to negative value and this causes reading out of the buffer. Here is a patch that fixes this. |
This is ready to apply. |
New changeset 0933c00c2765 by Serhiy Storchaka in branch '3.4': New changeset 84070c1225c5 by Serhiy Storchaka in branch '2.7': New changeset d8229c26dd92 by Serhiy Storchaka in branch '3.5': New changeset f6e399ae670f by Serhiy Storchaka in branch 'default': |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: