Author apexo
Recipients apexo, docs@python
Date 2010-05-31.22:20:12
SpamBayes Score 0.0370683
Marked as misclassified No
Message-id <1275344415.87.0.130024541357.issue8865@psf.upfronthosting.co.za>
In-reply-to
Content
invoking select.poll.poll() concurrently from multiple threads frequently yields garbage in one thread:

while poll_poll in thread 1 is parsing its result, another thread 2 calling poll may overwrite revents; assuming poll_result was 1 in thread 1 and thread 2 managed to clear all revents before thread 1 started scanning ufds, thread 1 would iterate straight through all ufds, past its bounds (no bound checks there), and return the first out-of-bounds entry that happens to have revents != 0

this issue needs at least documentation (although bounds-checking to prevent garbage in the result wouldn't hurt)

also, since there doesn't seem to be any locking w/ regards to ufds, it might be possible to corrupt python's heap, by concurrently invoking poll_register and poll_poll. poll_register could move the ufds array to another location while resizing it and poll_poll would subsequently overwrite memory that is not allocated anymore or allocated by someone else (did not test that)

python 2.5.5
History
Date User Action Args
2010-05-31 22:20:16apexosetrecipients: + apexo, docs@python
2010-05-31 22:20:15apexosetmessageid: <1275344415.87.0.130024541357.issue8865@psf.upfronthosting.co.za>
2010-05-31 22:20:13apexolinkissue8865 messages
2010-05-31 22:20:13apexocreate