This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author larry
Recipients larry
Date 2013-02-12.06:14:33
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
The implementations for LOAD_FAST, STORE_FAST, and DELETE_FAST don't check that the index is <= the size of fastlocals.  So it's a snap to crash the interpreter with hand-written bytecode, by going past the end of the fastlocals array.  Kaboom!

Attached is a program that demonstrates a crash with each of LOAD_FAST, STORE_FAST, and DELETE_FAST.  These all crashed 2.7, 3.2, 3.3, and a recent trunk.  (Well, two exceptions: LOAD_FAST and DELETE_FAST didn't crash 3.2.  Given the behavior, my suspicion is not that 3.2 is hardened, just that there's something dopey with my thrown-together test.)

It could be that this is not an interesting bug, that policy suggests that anyone who can write their own bytecode is a Consenting Adult.  You tell me.
Date User Action Args
2013-02-12 06:14:34larrysetrecipients: + larry
2013-02-12 06:14:34larrysetmessageid: <>
2013-02-12 06:14:34larrylinkissue17190 messages
2013-02-12 06:14:34larrycreate