Message181944
The implementations for LOAD_FAST, STORE_FAST, and DELETE_FAST don't check that the index is <= the size of fastlocals. So it's a snap to crash the interpreter with hand-written bytecode, by going past the end of the fastlocals array. Kaboom!
Attached is a program that demonstrates a crash with each of LOAD_FAST, STORE_FAST, and DELETE_FAST. These all crashed 2.7, 3.2, 3.3, and a recent trunk. (Well, two exceptions: LOAD_FAST and DELETE_FAST didn't crash 3.2. Given the behavior, my suspicion is not that 3.2 is hardened, just that there's something dopey with my thrown-together test.)
It could be that this is not an interesting bug, that policy suggests that anyone who can write their own bytecode is a Consenting Adult. You tell me.
Date | User | Action | Args
2013-02-12 06:14:34 | larry | set | recipients: + larry
2013-02-12 06:14:34 | larry | set | messageid: <1360649674.7.0.74265466328.issue17190@psf.upfronthosting.co.za>
2013-02-12 06:14:34 | larry | link | issue17190 messages
2013-02-12 06:14:34 | larry | create |
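The bounds check this message says the interpreter omits can be applied to bytecode before it is ever run. The following is an added example, not part of the original report or of CPython: the names `find_bad_fast_ops` and `check_code` are hypothetical, and it assumes CPython 3.6+ wordcode and uses `co_nlocals` as a conservative bound on the fast-locals index.

```python
import dis

# Opcodes the report names; each takes an index into the frame's fast-locals array.
FAST_OPS = {dis.opmap[n]: n for n in ("LOAD_FAST", "STORE_FAST", "DELETE_FAST")}
EXTENDED_ARG = dis.opmap["EXTENDED_ARG"]


def find_bad_fast_ops(raw, nlocals):
    """Return [(byte_offset, opname, index)] for fast-local ops indexing >= nlocals.

    Assumes CPython 3.6+ "wordcode": every instruction is an (opcode, arg)
    byte pair and EXTENDED_ARG prefixes supply the higher-order arg bytes.
    """
    if len(raw) % 2:
        raise ValueError("truncated wordcode: odd number of bytes")
    bad, ext = [], 0
    for offset in range(0, len(raw), 2):
        op, arg = raw[offset], raw[offset + 1] | ext
        if op == EXTENDED_ARG:
            ext = arg << 8          # carried into the next instruction's arg
            continue
        ext = 0
        if op in FAST_OPS and arg >= nlocals:
            bad.append((offset, FAST_OPS[op], arg))
    return bad


def check_code(code):
    """Recursively check a code object and the code objects in its constants."""
    bad = find_bad_fast_ops(code.co_code, code.co_nlocals)
    for const in code.co_consts:
        if hasattr(const, "co_code"):
            bad.extend(check_code(const))
    return bad


def _sample(a, b):                  # ordinary compiler output, expected clean
    c = a + b
    return c


# Constructed byte strings, checked as data only and never executed.
IN_RANGE = bytes([dis.opmap["LOAD_FAST"], 0, dis.opmap["STORE_FAST"], 1])
PAST_END = bytes([dis.opmap["LOAD_FAST"], 2, dis.opmap["DELETE_FAST"], 7])
WIDE_ARG = bytes([EXTENDED_ARG, 1, dis.opmap["STORE_FAST"], 0])   # index 256

if __name__ == "__main__":
    print(find_bad_fast_ops(PAST_END, nlocals=2))
    print(check_code(_sample.__code__))
```

A service that accepts serialized code objects (for example via `marshal`) could run `check_code` on them and refuse any that return a non-empty list.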