Author Steve Fink
Recipients Steve Fink
Date 2016-08-01.23:52:30
Message-id <1470095550.97.0.482934277649.issue27666@psf.upfronthosting.co.za>
In-reply-to
Content
When attempting to run |hg chistedit|, which uses the python curses module, I am getting *** stack smashing detected ***: /usr/bin/python terminated

The problem is in PyCursesWindow_Box in _cursesmodule.c:

        if (!PyArg_ParseTuple(args,"ll;vertint,horint", &ch1, &ch2))
            return NULL;

ch1 and ch2 are of type 'chtype', which is a 4-byte integer on my platform. (I am on a fresh install of Fedora 24 x86_64.) The format string 'l' is writing 8 bytes. It is hard to fit 8 bytes into a 4-byte variable.

I scanned through the rest of the file. Most places are very careful about this; if needed, they'll parse into a 'long' temporary and then assign. But here's another one in PyCurses_UngetMouse:

    MEVENT event;
    PyCursesInitialised;
    if (!PyArg_ParseTuple(args, "hiiil",
                          &event.id,
                          &event.x, &event.y, &event.z,
                          (int *) &event.bstate))
        return NULL;

event.bstate is of type mmask_t, which is also 4 bytes.

I did not find any more in that file.

% rpm -q python-libs
python-libs-2.7.12-1.fc24.x86_64

History
Date | User | Action | Args
2016-08-01 23:52:31 | Steve Fink | set | recipients: + Steve Fink
2016-08-01 23:52:30 | Steve Fink | set | messageid: <1470095550.97.0.482934277649.issue27666@psf.upfronthosting.co.za>
2016-08-01 23:52:30 | Steve Fink | link | issue27666 messages
2016-08-01 23:52:30 | Steve Fink | create |
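
The size mismatch and the parse-into-a-long-then-assign pattern described in the message above, as an added C model that is not code from the report or from CPython. The names `chtype4`, `store_l`, `bytes_clobbered` and `parse_chtype` are hypothetical, the 4-byte type size follows the report, and the range check is an addition.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t chtype4;   /* assumed stand-in for the 4-byte chtype / mmask_t */

/* Hypothetical model of one "l" unit: always stores sizeof(long) bytes. */
static void store_l(void *dst, long value) {
    memcpy(dst, &value, sizeof value);
}

/* Models the stack as a 4-byte slot followed by neighbouring bytes and
   returns how many neighbours an "l" store aimed at the slot overwrites. */
size_t bytes_clobbered(long value) {
    unsigned char frame[sizeof(chtype4) + sizeof(long)];
    size_t i, n = 0;
    memset(frame, 0xAA, sizeof frame);      /* constructed canary pattern */
    store_l(frame, value);                  /* what "l" does with &ch1 */
    for (i = sizeof(chtype4); i < sizeof frame; i++)
        if (frame[i] != 0xAA)
            n++;
    return n;
}

/* Parse into a long temporary, range-check (added here), then assign.
   Returns 0 on success, -1 if the value does not fit in 4 bytes. */
int parse_chtype(long parsed, chtype4 *out) {
    long tmp;
    store_l(&tmp, parsed);                  /* destination size matches "l" */
    if (tmp < 0 || (unsigned long)tmp > UINT32_MAX)
        return -1;
    *out = (chtype4)tmp;
    return 0;
}

int main(void) {
    chtype4 ch = 0;
    int rc = parse_chtype('|', &ch);
    printf("sizeof(long)=%zu, neighbouring bytes overwritten=%zu\n",
           sizeof(long), bytes_clobbered('|'));
    printf("parse '|' -> %d, ch=%u\n", rc, (unsigned)ch);
    printf("parse -1  -> %d\n", parse_chtype(-1, &ch));
    return 0;
}
```

On a platform where `long` is 4 bytes the first function reports 0, which is why the same source can run cleanly on one system and trip the stack protector on another.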