Message 71157 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	mgiuca
Recipients	mgiuca
Date	2008-08-15.02:39:31
SpamBayes Score	1.0763485e-10
Marked as misclassified	No
Message-id	<1218767975.42.0.656822559371.issue3557@psf.upfronthosting.co.za>
In-reply-to

Content
Continuing the discussion from Issue 3552 (http://bugs.python.org/issue3552). r65676 makes changes to Modules/md5module.c and Modules/sha1module.c, to allow them to read mutable buffers. There's a segfault in sha1module if given 0 arguments. eg: >>> import _sha1 >>> _sha1.sha1() Segmentation fault Docs here suggest this should be OK: http://docs.python.org/dev/3.0/library/hashlib.html This crashes on the Lib/test/test_hmac.py test case, but apparently (according to Margin on issue 3552) none of the build bots see it because they use libopenssl and completely bypass the _md5 and _sha1 modules. Also there are no direct test cases for either of these modules. This is because new code in r65676 doesn't initialise a pointer to NULL. Fixed in patch (as well as replaced tab with spaces for consistency, in both modules). I strongly recommend that a) A "build bot" be made to use _md5 and _sha1 instead of OpenSSL (or they aren't running that code at all), AND/OR b) Direct test cases be written for _md5 and _sha1. Commit log: Fixed crash on _sha1.sha1(), with no arguments, due to not initialising pointer. Normalised indentation in md5module.c and sha1module.c.

Continuing the discussion from Issue 3552
(http://bugs.python.org/issue3552).

r65676 makes changes to Modules/md5module.c and Modules/sha1module.c, to
allow them to read mutable buffers.

There's a segfault in sha1module if given 0 arguments. eg:

>>> import _sha1
>>> _sha1.sha1()
Segmentation fault

Docs here suggest this should be OK:
http://docs.python.org/dev/3.0/library/hashlib.html

This crashes on the Lib/test/test_hmac.py test case, but apparently
(according to Margin on issue 3552) none of the build bots see it
because they use libopenssl and completely bypass the _md5 and _sha1
modules. Also there are no direct test cases for either of these modules.

This is because new code in r65676 doesn't initialise a pointer to NULL.
Fixed in patch (as well as replaced tab with spaces for consistency, in
both modules).

I strongly recommend that a) A "build bot" be made to use _md5 and _sha1
instead of OpenSSL (or they aren't running that code at all), AND/OR b)
Direct test cases be written for _md5 and _sha1.

Commit log:

Fixed crash on _sha1.sha1(), with no arguments, due to not initialising
pointer.

Normalised indentation in md5module.c and sha1module.c.

History
Date	User	Action	Args
2008-08-15 02:39:35	mgiuca	set	recipients: + mgiuca
2008-08-15 02:39:35	mgiuca	set	messageid: <1218767975.42.0.656822559371.issue3557@psf.upfronthosting.co.za>
2008-08-15 02:39:33	mgiuca	link	issue3557 messages
2008-08-15 02:39:32	mgiuca	create