Andrey Wagin added the comment: sendto(4, "asdfasdfsadfasdfsdfsadfsdfasdfsd"..., 42, 0, NULL, 0) = 42 recvfrom(3, "a\0n\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\5\0\0\0\0\0\0\0\2\0\0\0"..., 1, MSG_TRUNC, NULL, NULL) = 42
I think the exit code is interpreted incorrectly. In this case it isn't equal to the number of bytes received. Then python copies this number of bytes from the buffer with smaller size, so it may access memory which are not allocated or allocated by someone else. valgrind detects this type of errors: [avagin@localhost ~]$ cat sock.py import socket, os, sys sks = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM) pid = os.fork() if pid == 0: sks[1].send("\0" * 4096) sys.exit(0) sk = sks[0] print sk.recv(1, socket.MSG_TRUNC ) [avagin@localhost ~]$ valgrind python sock.py ==25511== Memcheck, a memory error detector ==25511== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al. ==25511== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info ==25511== Command: python sock.py ==25511== ==25511== Syscall param write(buf) points to uninitialised byte(s) ==25511== at 0x320B4F0940: __write_nocancel (in /usr/lib64/libc-2.20.so) ==25511== by 0x320B478D2C: _IO_file_write@@GLIBC_2.2.5 (in /usr/lib64/libc-2.20.so) ==25511== by 0x320B4794EE: _IO_file_xsputn@@GLIBC_2.2.5 (in /usr/lib64/libc-2.20.so) ==25511== by 0x320B46EE68: fwrite (in /usr/lib64/libc-2.20.so) ==25511== by 0x369CC90210: ??? (in /usr/lib64/libpython2.7.so.1.0) ==25511== by 0x369CC85EAE: ??? (in /usr/lib64/libpython2.7.so.1.0) ==25511== by 0x369CC681AB: PyFile_WriteObject (in /usr/lib64/libpython2.7.so.1.0) ==25511== by 0x369CCE08F9: PyEval_EvalFrameEx (in /usr/lib64/libpython2.7.so.1.0) ==25511== by 0x369CCE340F: PyEval_EvalCodeEx (in /usr/lib64/libpython2.7.so.1.0) ==25511== by 0x369CCE3508: PyEval_EvalCode (in /usr/lib64/libpython2.7.so.1.0) ==25511== by 0x369CCFC91E: ??? (in /usr/lib64/libpython2.7.so.1.0) ==25511== by 0x369CCFDB41: PyRun_FileExFlags (in /usr/lib64/libpython2.7.so.1.0) ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue24933> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com