This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author skrah
Recipients skrah
Date 2010-07-12.21:07:04
SpamBayes Score 0.0382183
Marked as misclassified No
Message-id <1278968830.4.0.450614560792.issue9236@psf.upfronthosting.co.za>
In-reply-to
Content
In test_bytes Valgrind finds two reads with negative array indices.


test_bytes
==7341== Invalid read of size 1
==7341==    at 0x4EDA24: fastsearch (fastsearch.h:143)
==7341==    by 0x4F170E: bytearray_find_internal (find.h:42)
==7341==    by 0x4F17BD: bytearray_rindex (bytearrayobject.c:1267)
==7341==    by 0x49DDA0: PyEval_EvalFrameEx (ceval.c:4322)
==7341==    by 0x49FD2A: PyEval_EvalCodeEx (ceval.c:3252)
==7341==    by 0x49D741: PyEval_EvalFrameEx (ceval.c:4108)
==7341==    by 0x49E155: PyEval_EvalFrameEx (ceval.c:4098)
==7341==    by 0x49FD2A: PyEval_EvalCodeEx (ceval.c:3252)
==7341==    by 0x4FE1BE: function_call (funcobject.c:526)
==7341==    by 0x41AE8C: PyObject_Call (abstract.c:2522)
==7341==    by 0x49B9AB: PyEval_EvalFrameEx (ceval.c:4325)
==7341==    by 0x49FD2A: PyEval_EvalCodeEx (ceval.c:3252)
==7341==  Address 0xcfd37df is 1 bytes before a block of size 6 alloc'd
==7341==    at 0x4C2412C: malloc (vg_replace_malloc.c:195)
==7341==    by 0x4C241A6: realloc (vg_replace_malloc.c:476)
==7341==    by 0x4EF441: PyByteArray_Resize (bytearrayobject.c:259)
==7341==    by 0x4F0F8A: bytearray_iconcat (bytearrayobject.c:340)
==7341==    by 0x4F113E: bytearray_init (bytearrayobject.c:810)
==7341==    by 0x468531: type_call (typeobject.c:723)
==7341==    by 0x41AE8C: PyObject_Call (abstract.c:2522)
==7341==    by 0x499129: PyEval_EvalFrameEx (ceval.c:4230)
==7341==    by 0x49E155: PyEval_EvalFrameEx (ceval.c:4098)
==7341==    by 0x49FD2A: PyEval_EvalCodeEx (ceval.c:3252)
==7341==    by 0x4FE1BE: function_call (funcobject.c:526)
==7341==    by 0x41AE8C: PyObject_Call (abstract.c:2522)
==7341== 
==7341== 
==7341== ---- Attach to debugger ? --- [Return/N/n/Y/y/C/c] ---- y
==7341== starting debugger with cmd: /usr/bin/gdb -nw /proc/7507/fd/1014 7507
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...
Attaching to program: /proc/7507/fd/1014, process 7507
fastsearch (s=0xcfd37e0 "world", n=0, p=0xa0170b4 "worm", m=4, maxcount=<value optimized out>, mode=2) at Objects/stringlib/fastsearch.h:143
143                     if (!STRINGLIB_BLOOM(mask, s[i-1]))
(gdb) p i
$1 = 0




==7341== 
==7341== Debugger has detached.  Valgrind regains control.  We continue.
==7341== Invalid read of size 1
==7341==    at 0x4ED9B0: fastsearch (fastsearch.h:149)
==7341==    by 0x4F0938: bytearray_rsplit (split.h:311)
==7341==    by 0x49E6C1: PyEval_EvalFrameEx (ceval.c:4012)
==7341==    by 0x49E155: PyEval_EvalFrameEx (ceval.c:4098)
==7341==    by 0x49FD2A: PyEval_EvalCodeEx (ceval.c:3252)
==7341==    by 0x4FE1BE: function_call (funcobject.c:526)
==7341==    by 0x41AE8C: PyObject_Call (abstract.c:2522)
==7341==    by 0x49B9AB: PyEval_EvalFrameEx (ceval.c:4325)
==7341==    by 0x49FD2A: PyEval_EvalCodeEx (ceval.c:3252)
==7341==    by 0x4FE1BE: function_call (funcobject.c:526)
==7341==    by 0x41AE8C: PyObject_Call (abstract.c:2522)
==7341==    by 0x42237E: instancemethod_call (classobject.c:2578)
==7341==  Address 0xf7c508f is 1 bytes before a block of size 12 alloc'd
==7341==    at 0x4C2412C: malloc (vg_replace_malloc.c:195)
==7341==    by 0x4C241A6: realloc (vg_replace_malloc.c:476)
==7341==    by 0x4EF441: PyByteArray_Resize (bytearrayobject.c:259)
==7341==    by 0x4F0F8A: bytearray_iconcat (bytearrayobject.c:340)
==7341==    by 0x4F113E: bytearray_init (bytearrayobject.c:810)
==7341==    by 0x468531: type_call (typeobject.c:723)
==7341==    by 0x41AE8C: PyObject_Call (abstract.c:2522)
==7341==    by 0x499129: PyEval_EvalFrameEx (ceval.c:4230)
==7341==    by 0x49E155: PyEval_EvalFrameEx (ceval.c:4098)
==7341==    by 0x49FD2A: PyEval_EvalCodeEx (ceval.c:3252)
==7341==    by 0x4FE1BE: function_call (funcobject.c:526)
==7341==    by 0x41AE8C: PyObject_Call (abstract.c:2522)
==7341== 
==7341== 
==7341== ---- Attach to debugger ? --- [Return/N/n/Y/y/C/c] ---- y
==7341== starting debugger with cmd: /usr/bin/gdb -nw /proc/7534/fd/1014 7534
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...
Attaching to program: /proc/7534/fd/1014, process 7534
fastsearch (s=0xf7c5090 "mississippi", n=0, p=0x9eba16c "ss", m=2, maxcount=-1, mode=2) at Objects/stringlib/fastsearch.h:149
149                     if (!STRINGLIB_BLOOM(mask, s[i-1]))
(gdb) p i
$1 = 0
History
Date User Action Args
2010-07-12 21:07:10skrahsetrecipients: + skrah
2010-07-12 21:07:10skrahsetmessageid: <1278968830.4.0.450614560792.issue9236@psf.upfronthosting.co.za>
2010-07-12 21:07:05skrahlinkissue9236 messages
2010-07-12 21:07:04skrahcreate