Message271796
When attempting to run |hg chistedit|, which uses the python curses module, I am getting *** stack smashing detected ***: /usr/bin/python terminated
The problem is in PyCursesWindow_Box in _cursesmodule.c:
if (!PyArg_ParseTuple(args,"ll;vertint,horint", &ch1, &ch2))
return NULL;
ch1 and ch2 are of type 'chtype', which is a 4-byte integer on my platform. (I am on a fresh install of Fedora 24 x86_64.) The format string 'l' is writing 8 bytes. It is hard to fit 8 bytes into a 4 byte variable.
I scanned through the rest of the file. Most places are very careful about this; if needed, they'll parse into a 'long' temporary and then assign. But here's another one in PyCurses_UngetMouse:
MEVENT event;
PyCursesInitialised;
if (!PyArg_ParseTuple(args, "hiiil",
&event.id,
&event.x, &event.y, &event.z,
(int *) &event.bstate))
return NULL;
event.bstate is of type mmask_t, which is also 4 bytes.
I did not find any more in that file.
% rpm -q python-libs
python-libs-2.7.12-1.fc24.x86_64 |
|
Date |
User |
Action |
Args |
2016-08-01 23:52:31 | Steve Fink | set | recipients:
+ Steve Fink |
2016-08-01 23:52:30 | Steve Fink | set | messageid: <1470095550.97.0.482934277649.issue27666@psf.upfronthosting.co.za> |
2016-08-01 23:52:30 | Steve Fink | link | issue27666 messages |
2016-08-01 23:52:30 | Steve Fink | create | |
|