New submission from Stefan Krah <[email protected]>:
Due to an integer overflow in unicode_hash, the Python interpreter
crashes if built with -ftrapv:

./configure --with-pydebug CFLAGS="-ftrapv"
Starting program: /home/stefan/svn/py3k/python
[Thread debugging using libthread_db enabled]
Program received signal SIGABRT, Aborted.
0x00007ffff71e6a75 in *__GI_raise (sig=<value optimized out>) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64
64 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
in ../nptl/sysdeps/unix/sysv/linux/raise.c
(gdb) bt
#0 0x00007ffff71e6a75 in *__GI_raise (sig=<value optimized out>) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x00007ffff71ea5c0 in *__GI_abort () at abort.c:92
#2 0x00000000005e30a0 in __mulvdi3 ()
#3 0x000000000046304b in unicode_hash (self=0x7ffff7fab110) at
Objects/unicodeobject.c:7600
#4 0x000000000041a313 in PyObject_Hash (v=0x7ffff7fab110) at
Objects/object.c:762
#5 0x00000000005a9093 in PyDict_GetItem (op=0x8be030, key=0x7ffff7fab110) at
Objects/dictobject.c:715
#6 0x000000000046d88c in PyUnicode_InternInPlace (p=0x7fffffffdf38) at
Objects/unicodeobject.c:10026
#7 0x000000000046da8b in PyUnicode_InternFromString (cp=0x5e7c99 "__len__") at
Objects/unicodeobject.c:10065
#8 0x0000000000445eba in init_slotdefs () at Objects/typeobject.c:5801
#9 0x000000000044633b in add_operators (type=0x846400) at
Objects/typeobject.c:5955
#10 0x000000000043e950 in PyType_Ready (type=0x846400) at
Objects/typeobject.c:3860
#11 0x000000000043e87e in PyType_Ready (type=0x846000) at
Objects/typeobject.c:3824
#12 0x000000000041c786 in _Py_ReadyTypes () at Objects/object.c:1513
#13 0x00000000004c99a6 in Py_InitializeEx (install_sigs=1) at
Python/pythonrun.c:229
#14 0x00000000004c9d78 in Py_Initialize () at Python/pythonrun.c:321
#15 0x00000000004ead8c in Py_Main (argc=1, argv=0x7ffff7fa9040) at
Modules/main.c:597
#16 0x00000000004187cf in main (argc=1, argv=0x7fffffffe3c8) at
./Modules/python.c:59
Breakpoint 1, unicode_hash (self=0x7ffff7fab110) at Objects/unicodeobject.c:7594
7594 if (self->hash != -1)
(gdb) n
7596 len = Py_SIZE(self);
(gdb) n
7597 p = self->str;
(gdb) n
7598 x = *p << 7;
(gdb) n
7599 while (--len >= 0)
(gdb) p x
$1 = 12160
(gdb) n
7600 x = (1000003*x) ^ *p++;
(gdb) n
7599 while (--len >= 0)
(gdb) n
7600 x = (1000003*x) ^ *p++;
(gdb) n
7599 while (--len >= 0)
(gdb) n
7600 x = (1000003*x) ^ *p++;
(gdb) n
Program received signal SIGABRT, Aborted.
0x00007ffff71e6a75 in *__GI_raise (sig=<value optimized out>) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64
64 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
in ../nptl/sysdeps/unix/sysv/linux/raise.c
(gdb) quit
This might be related to issue #10156 (unicode initialization is
not clearly defined).
----------
components: Interpreter Core
messages: 128270
nosy: georg.brandl, skrah
priority: critical
severity: normal
stage: needs patch
status: open
title: Overflow in unicode_hash
type: crash
versions: Python 3.2
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue11167>
_______________________________________
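
Added example, not part of the original report and not CPython's code: the loop visible in the gdb session, replayed on the string "__len__" from frame #7 to find which multiply overflows, next to the same loop with an unsigned accumulator. It assumes a 64-bit signed accumulator (the trace aborts in __mulvdi3), ASCII input, and the GCC/Clang builtin __builtin_mul_overflow; the function names are hypothetical.

```c
/* Added example: models only the loop visible in the gdb session above.
 * Assumptions: 64-bit signed accumulator (the trace aborts in __mulvdi3),
 * ASCII input, and the GCC/Clang builtin __builtin_mul_overflow. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 1-based iteration at which 1000003*x stops fitting in int64_t (where a
 * -ftrapv build aborts), or 0 if every multiply fits. */
int first_overflowing_step(const char *s)
{
    const unsigned char *p = (const unsigned char *)s;
    size_t len = strlen(s);
    int64_t x, prod;

    if (len == 0)
        return 0;
    x = (int64_t)*p << 7;
    for (size_t i = 0; i < len; i++) {
        if (__builtin_mul_overflow((int64_t)1000003, x, &prod))
            return (int)i + 1;
        x = prod ^ *p++;
    }
    return 0;
}

/* Same loop with an unsigned accumulator: wraparound modulo 2^64 is defined
 * behaviour, so nothing here can trap. */
uint64_t hash_loop_unsigned(const char *s)
{
    const unsigned char *p = (const unsigned char *)s;
    size_t len = strlen(s);
    uint64_t x;

    if (len == 0)
        return 0;
    x = (uint64_t)*p << 7;
    for (size_t i = 0; i < len; i++)
        x = (UINT64_C(1000003) * x) ^ *p++;
    return x;
}

int main(void)
{
    const char *s = "__len__";   /* the string being interned in frame #7 */
    printf("signed multiply overflows at iteration %d\n", first_overflowing_step(s));
    printf("unsigned loop result: %llu\n", (unsigned long long)hash_loop_unsigned(s));
    return 0;
}
```

For "__len__" the signed multiply stops fitting on the third iteration, which matches the session above aborting on the third execution of line 7600.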