New submission from ale...@altlinux.org <ale...@altlinux.org>:

There is a strange behavior while processing data in a "for" loop with 
urllib.parse.unquote() - looks like memory corruption - a list contains 
elements that have never been appended.

I'll explain the testcase.

I spotted the problem by checking for any remains of URL encoding left in 
output_list. There were these strings with URL encoding left - "bad_boys" dict 
in testcase. Now, when iterating through input_list (read from "data.txt"), I'm 
checking for those problematic entries and printing what is being appended to 
the output_list as well as all problematic (unwanted, "Bad Boys") and converted 
problematic entries ("Normal conversions") existing in the output_list. At some 
point, unwanted entries appear in output_list. The resulting output_list 
contains converted and unconverted problematic entries, though input_list's 
length equals output_list's length.

data.txt needs to be saved along with testcase.py, and then you can run 
testcase.py.

The output of running testcase.py:

Bad Boys are:
         seil%2fturbo_firmware 140335684191552
         intelligent_platforms_proficy_hmi%2fscada_cimplicity 140335684515920
         seil%2fneu_2fe_plus_firmware 140335684536080
         seil%2fb1_firmware 140335684134640
         eil%2fx2_firmware 140335684191984
         seil%2fx1_firmware 140335684190832
         seil%2fx2_firmware 140335684190904
         seil%2fx86_firmware 140335684192488

Input list length is: 17094 

Bad Boy detected
Element type: <class 'str'>
Convertation: seil%2fb1_firmware 140335679096848 >> seil/b1_firmware 140335681345768
Just appended: seil/b1_firmware 140335681345768
Normal conversions in output list:
         seil/b1_firmware 140335681345768

Bad Boy detected
Element type: <class 'str'>
Convertation: seil%2fx1_firmware 140335679096920 >> seil/x1_firmware 140335681345840
Just appended: seil/x1_firmware 140335681345840
Normal conversions in output list:
         seil/b1_firmware 140335681345768
         seil/x1_firmware 140335681345840

Bad Boy detected
Element type: <class 'str'>
Convertation: seil%2fx2_firmware 140335679096992 >> seil/x2_firmware 140335681345912
Just appended: seil/x2_firmware 140335681345912
Normal conversions in output list:
         seil/b1_firmware 140335681345768
         seil/x1_firmware 140335681345840
         seil/x2_firmware 140335681345912

Bad Boy detected
Element type: <class 'str'>
Convertation: seil%2fx86_firmware 140335679134936 >> seil/x86_firmware 140335681346704
Just appended: seil/x86_firmware 140335681346704
Normal conversions in output list:
         seil/b1_firmware 140335681345768
         seil/x1_firmware 140335681345840
         seil/x2_firmware 140335681345912
         seil/x86_firmware 140335681346704
Bad Boys in output list:
         eil%2fx2_firmware 140335681346272

Bad Boy detected
Element type: <class 'str'>
Convertation: seil%2fturbo_firmware 140335679200976 >> seil/turbo_firmware 140335679269456
Just appended: seil/turbo_firmware 140335679269456
Normal conversions in output list:
         seil/b1_firmware 140335681345768
         seil/x1_firmware 140335681345840
         seil/x2_firmware 140335681345912
         seil/x86_firmware 140335681346704
         seil/turbo_firmware 140335679269456
Bad Boys in output list:
         eil%2fx2_firmware 140335681346272
         seil%2fb1_firmware 140335679267800
         seil%2fx1_firmware 140335679267872
         seil%2fx2_firmware 140335679267944
         seil%2fx86_firmware 140335679269384

Bad Boy detected
Element type: <class 'str'>
Convertation: seil%2fneu_2fe_plus_firmware 140335678867056 >> seil/neu_2fe_plus_firmware 140335680328928
Just appended: seil/neu_2fe_plus_firmware 140335680328928
Normal conversions in output list:
         seil/b1_firmware 140335681345768
         seil/x1_firmware 140335681345840
         seil/x2_firmware 140335681345912
         seil/x86_firmware 140335681346704
         seil/turbo_firmware 140335679269456
         seil/neu_2fe_plus_firmware 140335680328928
Bad Boys in output list:
         eil%2fx2_firmware 140335681346272
         seil%2fb1_firmware 140335679267800
         seil%2fx1_firmware 140335679267872
         seil%2fx2_firmware 140335679267944
         seil%2fx86_firmware 140335679269384
         seil%2fturbo_firmware 140335679849576

Bad Boy detected
Element type: <class 'str'>
Convertation: intelligent_platforms_proficy_hmi%2fscada_cimplicity 140335678546800 >> intelligent_platforms_proficy_hmi/scada_cimplicity 140335681194376
Just appended: intelligent_platforms_proficy_hmi/scada_cimplicity 140335681194376
Normal conversions in output list:
         seil/b1_firmware 140335681345768
         seil/x1_firmware 140335681345840
         seil/x2_firmware 140335681345912
         seil/x86_firmware 140335681346704
         seil/turbo_firmware 140335679269456
         seil/neu_2fe_plus_firmware 140335680328928
         intelligent_platforms_proficy_hmi/scada_cimplicity 140335681194376
Bad Boys in output list:
         eil%2fx2_firmware 140335681346272
         seil%2fb1_firmware 140335679267800
         seil%2fx1_firmware 140335679267872
         seil%2fx2_firmware 140335679267944
         seil%2fx86_firmware 140335679269384
         seil%2fturbo_firmware 140335679849576
         seil%2fneu_2fe_plus_firmware 140335678934512

FINAL RESULTS
Output list length is: 17094
Normal conversions in output list (Bad Boys -related):
         seil/b1_firmware 140335681345768
         seil/x1_firmware 140335681345840
         seil/x2_firmware 140335681345912
         seil/x86_firmware 140335681346704
         seil/turbo_firmware 140335679269456
         seil/neu_2fe_plus_firmware 140335680328928
         intelligent_platforms_proficy_hmi/scada_cimplicity 140335681194376
Bad Boys in output list:
         eil%2fx2_firmware 140335681346272
         seil%2fb1_firmware 140335679267800
         seil%2fx1_firmware 140335679267872
         seil%2fx2_firmware 140335679267944
         seil%2fx86_firmware 140335679269384
         seil%2fturbo_firmware 140335679849576
         seil%2fneu_2fe_plus_firmware 140335678934512
         intelligent_platforms_proficy_hmi%2fscada_cimplicity 140335681195728

----------
components: Library (Lib)
files: testcase.py
messages: 314688
nosy: ale...@altlinux.org
priority: normal
severity: normal
status: open
title: Memory corruption with urllib.parse
type: security
versions: Python 3.5
Added file: https://bugs.python.org/file47506/testcase.py

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue33186>
_______________________________________
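
A check that can be run on a testcase like this one, as an added example that is not part of the original report or of CPython: it keeps each decoded value paired with the input entry that produced it and reports outputs that still contain a percent-escape after one urllib.parse.unquote() pass. The sample list is constructed (data.txt is not shown in the report), and the doubly encoded "%252f" entry in it is an assumption about what such input may contain.

```python
import re
from urllib.parse import unquote

# Matches a percent-escape (%XX) that is still present in a string.
PCT_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")

# Constructed sample input; the report's data.txt is not available here.
# The "%252f" entry is an assumption: "%25" is the encoding of "%" itself.
SAMPLE_INPUT = [
    "seil%2fx2_firmware",
    "seil%252fx2_firmware",
    "plain_entry",
    "seil%2fb1_firmware",
    "100%_plain",  # stray "%" that is not a valid escape
]


def decode_with_provenance(entries):
    """Decode each entry once, keeping (index, raw, decoded) together."""
    return [(i, raw, unquote(raw)) for i, raw in enumerate(entries)]


def residual_escapes(entries):
    """Return records whose single-pass decoding still holds a %XX escape."""
    return [(i, raw, dec) for i, raw, dec in decode_with_provenance(entries)
            if PCT_ESCAPE.search(dec)]


def encoding_depth(raw, limit=5):
    """Count unquote() passes until the value stops changing (bounded)."""
    depth, current = 0, raw
    while depth < limit:
        nxt = unquote(current)
        if nxt == current:
            break
        current, depth = nxt, depth + 1
    return depth, current


if __name__ == "__main__":
    for i, raw, dec in residual_escapes(SAMPLE_INPUT):
        depth, final = encoding_depth(raw)
        print(f"input[{i}] {raw!r} -> {dec!r} "
              f"(encoded {depth}x, fully decoded {final!r})")
```

encoding_depth() is meant for diagnosis only: decoding untrusted input until it stops changing also rewrites values that legitimately contain a literal %XX sequence.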