➜ 
This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.
Created on 2011-09-02 03:50 by meador.inge, last changed 2022-04-11 14:57 by admin. This issue is now closed.
| Files | ||||
|---|---|---|---|---|
| File name | Uploaded | Description | Edit | |
| issue12881.patch | meador.inge, 2011-09-03 16:12 | review | ||
| Messages (11) | |||
|---|---|---|---|
| msg143376 - (view) | Author: Meador Inge (meador.inge) *  | Date: 2011-09-02 03:50 | |
Reproduced on Fedora 15 with tip Python: [meadori@motherbrain cpython]$ ./python Python 3.3.0a0 (default:3102951cc1ce+, Sep 1 2011, 22:19:06) [GCC 4.6.0 20110603 (Red Hat 4.6.0-10)] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import ctypes [68588 refs] >>> class S(ctypes.Structure): ... _fields_ = [('x' * 10000000, ctypes.c_int)] ... Segmentation fault (core dumped) | |||
| msg143438 - (view) | Author: Amaury Forgeot d'Arc (amaury.forgeotdarc) * | Date: 2011-09-02 21:26 | |
Certainly the effect of some "alloca" call with a large value, then the stack overflows. | |||
| msg143441 - (view) | Author: Meador Inge (meador.inge) * | Date: 2011-09-02 22:25 | |
On Fri, Sep 2, 2011 at 4:26 PM, Amaury Forgeot d'Arc <report@bugs.python.org> wrote: > > Amaury Forgeot d'Arc <amauryfa@gmail.com> added the comment: > > Certainly the effect of some "alloca" call with a large value, then the stack overflows. Yeah, I noticed that too. I was actually pretty surprised to see "alloca" in there :-) | |||
| msg143466 - (view) | Author: Meador Inge (meador.inge) * | Date: 2011-09-03 16:12 | |
Here is a patch that replaces the 'alloca' call with 'PyMem_Malloc'. | |||
| msg143851 - (view) | Author: Meador Inge (meador.inge) * | Date: 2011-09-11 03:01 | |
Ping. Any thoughts on this one? | |||
| msg143870 - (view) | Author: Charles-François Natali (neologix) * | Date: 2011-09-11 15:20 | |
Looks good to me. | |||
| msg143889 - (view) | Author: Amaury Forgeot d'Arc (amaury.forgeotdarc) * | Date: 2011-09-12 07:57 | |
Note that there is at least one other place where alloca() is used with potentially large values: the POINTER() function in callproc.c. Also, PyUnicode_FromFormat could be used instead of sprintf. | |||
| msg144006 - (view) | Author: Meador Inge (meador.inge) * | Date: 2011-09-14 02:42 | |
> Note that there is at least one other place where alloca() is > used with potentially large values: Ouch! I found three more crashers (including the one you found) by grepping for 'alloca' in ctypes: >>> from ctypes import * >>> T = type('x' * 2 ** 25, (Structure,), {}) >>> p = POINTER(T) Segmentation fault (core dumped) >>> from ctypes import * >>> p = POINTER('x' * 2 ** 25) Segmentation fault (core dumped) >>> from ctypes import * >>> NARGS = 2 ** 20 >>> proto = CFUNCTYPE(None, *(c_int,) * NARGS) >>> def func(*args): ... return (1, "abc", None) ... >>> cb = proto(func) >>> cb(*(1,) * NARGS) Segmentation fault (core dumped) I will fix those too. | |||
| msg144399 - (view) | Author: Meador Inge (meador.inge) * | Date: 2011-09-22 03:21 | |
I am going to open separate issues for the other crashers. > Also, PyUnicode_FromFormat could be used instead of sprintf. Amaury, how so? 'sprintf' and 'stgdict->format' work with 'char *'s where as 'PyUnicode_FromFormat' builds a unicode string object. Unless there are any objections, I am going to commit as is. | |||
| msg144849 - (view) | Author: Roundup Robot (python-dev)  | Date: 2011-10-04 03:40 | |
New changeset aa3ebc2dfc15 by Meador Inge in branch '2.7': Issue #12881: ctypes: Fix segfault with large structure field names. http://hg.python.org/cpython/rev/aa3ebc2dfc15 New changeset d05350c14e77 by Meador Inge in branch '3.2': Issue #12881: ctypes: Fix segfault with large structure field names. http://hg.python.org/cpython/rev/d05350c14e77 New changeset 2eab632864f6 by Meador Inge in branch 'default': Issue #12881: ctypes: Fix segfault with large structure field names. http://hg.python.org/cpython/rev/2eab632864f6 | |||
| msg144853 - (view) | Author: Meador Inge (meador.inge) * | Date: 2011-10-04 03:58 | |
Fixed. Opened issue13096 and issue13097 for the other crashers. | |||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:57:21 | admin | set | github: 57090 |
| 2011-10-04 03:58:14 | meador.inge | set | status: open -> closed resolution: fixed messages: + msg144853 stage: commit review -> resolved |
| 2011-10-04 03:40:20 | python-dev | set | nosy: + python-dev messages: + msg144849 |
| 2011-09-28 02:29:24 | meador.inge | set | assignee: meador.inge versions: + Python 2.7, Python 3.2 |
| 2011-09-22 03:21:28 | meador.inge | set | messages: + msg144399 |
| 2011-09-14 02:42:58 | meador.inge | set | messages: + msg144006 |
| 2011-09-12 07:57:33 | amaury.forgeotdarc | set | messages: + msg143889 |
| 2011-09-11 15:20:02 | neologix | set | nosy: + neologix messages: + msg143870 stage: patch review -> commit review |
| 2011-09-11 03:01:59 | meador.inge | set | messages: + msg143851 |
| 2011-09-03 16:12:49 | meador.inge | set | files: + issue12881.patch keywords: + patch messages: + msg143466 stage: needs patch -> patch review |
| 2011-09-02 22:25:38 | meador.inge | set | messages: + msg143441 |
| 2011-09-02 21:26:11 | amaury.forgeotdarc | set | messages: + msg143438 |
| 2011-09-02 03:50:51 | meador.inge | create | |