New submission from ale...@altlinux.org <ale...@altlinux.org>:
There is a strange behavior while processing data in a "for" loop with
urllib.parse.unquote() - looks like memory corruption - a list contains
elements that have never been appended.
I'll explain the testcase.
I spotted the problem by checking for any remains of url encoding left in
output_list. There were these strings with url encoding left - "bad_boys" dict
in testcase. Now, when iterating through input_list (read from "data.txt"), I'm
checking for those problematic entries and printing what is being appended to
the output_list as well as all problematic (unwanted, "Bad Boys") and converted
problematic entries ("Normal conversions") existing in the output_list. At some
point, unwanted entries appear in output_list. The resulting output_list
contains converted and unconverted problematic entries, though input_list's
length equals output_list's length.
data.txt needs to be saved along with testcase.py, and then you can run
testcase.py.
The output of running testcase.py:
Bad Boys are:
seil%2fturbo_firmware 140335684191552
intelligent_platforms_proficy_hmi%2fscada_cimplicity 140335684515920
seil%2fneu_2fe_plus_firmware 140335684536080
seil%2fb1_firmware 140335684134640
eil%2fx2_firmware 140335684191984
seil%2fx1_firmware 140335684190832
seil%2fx2_firmware 140335684190904
seil%2fx86_firmware 140335684192488
Input list length is: 17094
Bad Boy detected
Element type: <class 'str'>
Convertation: seil%2fb1_firmware 140335679096848 >> seil/b1_firmware
140335681345768
Just appended: seil/b1_firmware 140335681345768
Normal conversions in output list:
seil/b1_firmware 140335681345768
Bad Boy detected
Element type: <class 'str'>
Convertation: seil%2fx1_firmware 140335679096920 >> seil/x1_firmware
140335681345840
Just appended: seil/x1_firmware 140335681345840
Normal conversions in output list:
seil/b1_firmware 140335681345768
seil/x1_firmware 140335681345840
Bad Boy detected
Element type: <class 'str'>
Convertation: seil%2fx2_firmware 140335679096992 >> seil/x2_firmware
140335681345912
Just appended: seil/x2_firmware 140335681345912
Normal conversions in output list:
seil/b1_firmware 140335681345768
seil/x1_firmware 140335681345840
seil/x2_firmware 140335681345912
Bad Boy detected
Element type: <class 'str'>
Convertation: seil%2fx86_firmware 140335679134936 >> seil/x86_firmware
140335681346704
Just appended: seil/x86_firmware 140335681346704
Normal conversions in output list:
seil/b1_firmware 140335681345768
seil/x1_firmware 140335681345840
seil/x2_firmware 140335681345912
seil/x86_firmware 140335681346704
Bad Boys in output list:
eil%2fx2_firmware 140335681346272
Bad Boy detected
Element type: <class 'str'>
Convertation: seil%2fturbo_firmware 140335679200976 >> seil/turbo_firmware
140335679269456
Just appended: seil/turbo_firmware 140335679269456
Normal conversions in output list:
seil/b1_firmware 140335681345768
seil/x1_firmware 140335681345840
seil/x2_firmware 140335681345912
seil/x86_firmware 140335681346704
seil/turbo_firmware 140335679269456
Bad Boys in output list:
eil%2fx2_firmware 140335681346272
seil%2fb1_firmware 140335679267800
seil%2fx1_firmware 140335679267872
seil%2fx2_firmware 140335679267944
seil%2fx86_firmware 140335679269384
Bad Boy detected
Element type: <class 'str'>
Convertation: seil%2fneu_2fe_plus_firmware 140335678867056 >>
seil/neu_2fe_plus_firmware 140335680328928
Just appended: seil/neu_2fe_plus_firmware 140335680328928
Normal conversions in output list:
seil/b1_firmware 140335681345768
seil/x1_firmware 140335681345840
seil/x2_firmware 140335681345912
seil/x86_firmware 140335681346704
seil/turbo_firmware 140335679269456
seil/neu_2fe_plus_firmware 140335680328928
Bad Boys in output list:
eil%2fx2_firmware 140335681346272
seil%2fb1_firmware 140335679267800
seil%2fx1_firmware 140335679267872
seil%2fx2_firmware 140335679267944
seil%2fx86_firmware 140335679269384
seil%2fturbo_firmware 140335679849576
Bad Boy detected
Element type: <class 'str'>
Convertation: intelligent_platforms_proficy_hmi%2fscada_cimplicity
140335678546800 >> intelligent_platforms_proficy_hmi/scada_cimplicity
140335681194376
Just appended: intelligent_platforms_proficy_hmi/scada_cimplicity
140335681194376
Normal conversions in output list:
seil/b1_firmware 140335681345768
seil/x1_firmware 140335681345840
seil/x2_firmware 140335681345912
seil/x86_firmware 140335681346704
seil/turbo_firmware 140335679269456
seil/neu_2fe_plus_firmware 140335680328928
intelligent_platforms_proficy_hmi/scada_cimplicity 140335681194376
Bad Boys in output list:
eil%2fx2_firmware 140335681346272
seil%2fb1_firmware 140335679267800
seil%2fx1_firmware 140335679267872
seil%2fx2_firmware 140335679267944
seil%2fx86_firmware 140335679269384
seil%2fturbo_firmware 140335679849576
seil%2fneu_2fe_plus_firmware 140335678934512
FINAL RESULTS
Output list length is: 17094
Normal conversions in output list (Bad Boys -related):
seil/b1_firmware 140335681345768
seil/x1_firmware 140335681345840
seil/x2_firmware 140335681345912
seil/x86_firmware 140335681346704
seil/turbo_firmware 140335679269456
seil/neu_2fe_plus_firmware 140335680328928
intelligent_platforms_proficy_hmi/scada_cimplicity 140335681194376
Bad Boys in output list:
eil%2fx2_firmware 140335681346272
seil%2fb1_firmware 140335679267800
seil%2fx1_firmware 140335679267872
seil%2fx2_firmware 140335679267944
seil%2fx86_firmware 140335679269384
seil%2fturbo_firmware 140335679849576
seil%2fneu_2fe_plus_firmware 140335678934512
intelligent_platforms_proficy_hmi%2fscada_cimplicity 140335681195728
----------
components: Library (Lib)
files: testcase.py
messages: 314688
nosy: ale...@altlinux.org
priority: normal
severity: normal
status: open
title: Memory corruption with urllib.parse
type: security
versions: Python 3.5
Added file: https://bugs.python.org/file47506/testcase.py
_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue33186>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
