Author dhelfman
Recipients dhelfman
Date 2010-01-22.19:24:13
Message-id <1264188255.93.0.523423533776.issue7758@psf.upfronthosting.co.za>
Content
The following code causes Python to segfault:

>>> import cPickle
>>> import cStringIO as io
>>> cPickle.load( io.StringIO( '0' ) )

Note that if the string is changed from '0' to '1', then the crash does not occur and an UnpicklingError is properly raised.

This is in MSYS on Windows XP with Python 2.6.4 from python.org:

$ gdb python
GNU gdb 5.2.1
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i686-pc-mingw32"...(no debugging symbols found)...
(gdb) r -c "import cPickle; import cStringIO as io;  cPickle.load( io.StringIO( '0' ) )"
Starting program: c:\python26/python.exe -c "import cPickle; import cStringIO as io;  cPickle.load( io.StringIO( '0' ) )"

Program received signal SIGSEGV, Segmentation fault.
0x1e09ada3 in ?? ()
(gdb) bt
#0  0x1e09ada3 in ?? ()
#1  0x1e0e1fd5 in ?? ()
#2  0x00a4e290 in ?? ()
#3  0x1e1d1d30 in ?? ()
Cannot access memory at address 0x3

And this is on Mac OS X 10.5 with Python 2.6.4 from python.org:

$ gdb python
GNU gdb 6.3.50-20050815 (Apple version gdb-962) (Sat Jul 26 08:14:40 UTC 2008)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-apple-darwin"...Reading symbols for shared libraries .. done

(gdb) r -c "import cPickle; import cStringIO as io; cPickle.load( io.StringIO( '0' ) )"
Starting program: /System/Library/Frameworks/Python.framework/Versions/2.6/bin/python -c "import cPickle; import cStringIO as io; cPickle.load( io.StringIO( '0' ) )"
Reading symbols for shared libraries +. done

Program received signal SIGTRAP, Trace/breakpoint trap.
0x8fe01010 in __dyld__dyld_start ()
(gdb) bt
#0  0x8fe01010 in __dyld__dyld_start ()
Cannot access memory at address 0x4

The same crash occurs on the Mac when using Apple's Python 2.5.1. However, on Linux with Debian stable's Python 2.5.2, I just get an UnpicklingError (stack underflow) exception without a crash.
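A regression check for the behaviour reported above, added here as an example and not part of the original report or of CPython's test suite: it unpickles each input in a child interpreter so that an interpreter crash can be told apart from a cleanly raised exception. It assumes Python 3's pickle module in place of Python 2's cPickle; the name classify and the exit code 3 are choices made for this example.

```python
import subprocess
import sys

# Child program: unpickle the bytes on stdin. Exit 0 on success, 3 when the
# unpickler raises a normal Python exception. Any other exit status means
# the interpreter itself died (the failure mode described in the report).
CHILD = r"""
import pickle, sys
data = sys.stdin.buffer.read()
try:
    pickle.loads(data)
except Exception:
    sys.exit(3)
"""


def classify(payload, timeout=10):
    """Return 'ok', 'exception', 'crash' or 'timeout' for one pickle payload."""
    try:
        proc = subprocess.run(
            [sys.executable, "-c", CHILD],
            input=payload,
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        return "timeout"
    if proc.returncode == 0:
        return "ok"
    if proc.returncode == 3:
        return "exception"
    # POSIX: a negative return code is the signal number (-11 for SIGSEGV).
    # Windows: an access violation surfaces as exit status 0xC0000005.
    return "crash"


if __name__ == "__main__":
    # b"0" and b"1" are the two inputs from the report; b"N." is a
    # constructed valid pickle (None) used as a control.
    for sample in (b"0", b"1", b"N."):
        print(repr(sample), classify(sample))
```
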
History
Date                 User      Action  Args
2010-01-22 19:24:16  dhelfman  set     recipients: + dhelfman
2010-01-22 19:24:15  dhelfman  set     messageid: <1264188255.93.0.523423533776.issue7758@psf.upfronthosting.co.za>
2010-01-22 19:24:14  dhelfman  link    issue7758 messages
2010-01-22 19:24:13  dhelfman  create