Message 65456 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	gregory.p.smith
Recipients	gregory.p.smith
Date	2008-04-14.02:56:06
SpamBayes Score	0.0036146191
Marked as misclassified	No
Message-id	<1208141769.9.0.601794636636.issue2629@psf.upfronthosting.co.za>
In-reply-to

Content
In _PyUnicode_New() a unicode object is taken from the freelist but if the unicode_resize() call fails and returns -1, the goto onerror calls _Py_ForgetReference on the unicode object... But it has NULL _ob_prev and _ob_next values causing a crash when they're used. How to reproduce: * Make a 32-bit --with-pydebug build of Python trunk. * Run it on a machine with lots of ram (at least 3gigs recommended, or lots of swap and a heap of patience): ./python Python 2.6a2+ (trunk:62336M, Apr 13 2008, 18:51:30) >>> msg = 'A'*2000111222 >>> x = msg.decode('utf8') It segmentation faults in _Py_ForgetReference.

In _PyUnicode_New() a unicode object is taken from the freelist but if
the unicode_resize() call fails and returns -1, the goto onerror calls
_Py_ForgetReference on the unicode object... But it has NULL _ob_prev
and _ob_next values causing a crash when they're used.

How to reproduce:

* Make a 32-bit --with-pydebug build of Python trunk.
* Run it on a machine with lots of ram (at least 3gigs recommended, or
lots of swap and a heap of patience):

./python
Python 2.6a2+ (trunk:62336M, Apr 13 2008, 18:51:30)
>>> msg = 'A'*2000111222
>>> x = msg.decode('utf8')

It segmentation faults in _Py_ForgetReference.

History
Date	User	Action	Args
2008-04-14 02:56:10	gregory.p.smith	set	spambayes_score: 0.00361462 -> 0.0036146191 recipients: + gregory.p.smith
2008-04-14 02:56:09	gregory.p.smith	set	spambayes_score: 0.00361462 -> 0.00361462 messageid: <1208141769.9.0.601794636636.issue2629@psf.upfronthosting.co.za>
2008-04-14 02:56:08	gregory.p.smith	link	issue2629 messages
2008-04-14 02:56:07	gregory.p.smith	create