Hi,

I filed 14 issues about bugs found by fuzzing (see my other email "Play with fuzzing" for more information). Most bugs are now closed, cool :-)

Last bugs:

== Trivial open bugs ==

segfault on locale.gettext(None)
 - http://bugs.python.org/issue3302
 - attached patch is trivial: fix the PyArg_ParseTuple() to block None value, and reject empty domain string for bindtextdomain() (to avoid strange error "OSError(0): success")

invalid ref count on locale.strcoll() error
 - http://bugs.python.org/issue3303
 - attached patch is trivial: add "if (rel1)"

_multiprocessing.Connection() doesn't check handle
 - http://bugs.python.org/issue3321
 - _multiprocessing.Connection(fd) doesn't check that fd is a valid file handle and so may crash on poll (the "evil" FD_SET() call)
 - my patch adds "|| fstat(handle, &statbuf)" to make sure that the file descriptor is valid

== Complex open bugs ==

block operation on closed socket/pipe for multiprocessing
 - http://bugs.python.org/issue3311
 - close() method sets the file handle to -1 but most methods don't check the handle and so may fail or crash. Especially poll() calls FD_SET((SOCKET)conn->handle, &rfds); with handle=-1 => crash.
 - my patch creates a new MP error: "return MP_CLOSED_FILE;", used if handle is INVALID_HANDLE_VALUE to block operations (send, receive, poll) on closed files for socket and pipe.

bugs in scanstring_str() and scanstring_unicode() of _json module
 - http://bugs.python.org/issue3322
 - scanstring() function crashes if second argument is a big negative integer. There is no attached patch because I don't understand this function enough to fix it correctly, but I suggest raising a ValueError if end is too small/big

invalid object destruction in re.finditer() - or "PyObject_DEL inconsistency if pydebug option is used"
 - http://bugs.python.org/issue3299
 - It's the most complex bug, I prefer to write a new email :-)

== Need backport / port to python 3.0 ==

invalid call to PyMem_Free() in fileio_init()
 - http://bugs.python.org/issue3304
 - patch applied in Python 2.6 (trunk) but not in Python 3000: "i'm assuming that'll be merged into py3k automagically." wrote Gregory P. Smith

missing lock release in BZ2File_iternext()
 - http://bugs.python.org/issue3309
 - patch applied in Python 2.6 but "Needs backporting to release25-maint." wrote Gregory P. Smith

When all bugs are closed, I will restart fuzzing Python ;-) But I also tried with my patches and I was unable to find new bugs, great!

Victor
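As an added example (not Victor's patch and not CPython's _multiprocessing code), the two checks described for issue3321 and issue3311 above, in plain C: a descriptor is validated with fstat() and an FD_SETSIZE range check before it is ever passed to FD_SET(), and a handle that close() has already set to -1 is refused with a dedicated error code instead of reaching the fd_set. The names fd_is_valid, safe_poll, conn_close and the EX_* codes are assumptions for this example; the pipe used as input is constructed inline.

```c
#include <stdio.h>
#include <sys/select.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <unistd.h>

/* Error codes in the spirit of the MP_CLOSED_FILE idea from the email.
 * These names are assumptions for this example, not _multiprocessing's. */
enum { EX_OK = 0, EX_CLOSED_FILE = -1, EX_BAD_HANDLE = -2, EX_SELECT_ERROR = -3 };

/* A descriptor is usable only if it is non-negative, fits in an fd_set
 * (FD_SET with fd < 0 or fd >= FD_SETSIZE is undefined behaviour: it writes
 * outside the bit array) and refers to an open file, which fstat() reports
 * by failing with EBADF otherwise. */
int fd_is_valid(int fd)
{
    struct stat st;
    if (fd < 0 || fd >= FD_SETSIZE)
        return 0;
    return fstat(fd, &st) == 0;
}

/* Wait for readability with a timeout. Returns 1 if readable, 0 on timeout,
 * or a negative EX_* code. The handle never reaches FD_SET unless both
 * checks above have passed. */
int safe_poll(int handle, int timeout_ms)
{
    fd_set rfds;
    struct timeval tv;
    int rc;

    if (handle == -1)
        return EX_CLOSED_FILE;   /* close() already ran: block the operation */
    if (!fd_is_valid(handle))
        return EX_BAD_HANDLE;    /* caller supplied a bogus descriptor */

    FD_ZERO(&rfds);
    FD_SET(handle, &rfds);       /* safe here: 0 <= handle < FD_SETSIZE, open */
    tv.tv_sec = timeout_ms / 1000;
    tv.tv_usec = (timeout_ms % 1000) * 1000;

    rc = select(handle + 1, &rfds, NULL, NULL, &tv);
    if (rc < 0)
        return EX_SELECT_ERROR;
    return FD_ISSET(handle, &rfds) ? 1 : 0;
}

/* Emulates Connection.close(): closes the fd and marks the handle as -1,
 * which is exactly the state the unchecked poll() crashed on. */
int conn_close(int *handle)
{
    if (*handle == -1)
        return EX_CLOSED_FILE;
    close(*handle);
    *handle = -1;
    return EX_OK;
}

int main(void)
{
    int fds[2];
    int handle;

    if (pipe(fds) != 0) {            /* constructed input: an anonymous pipe */
        perror("pipe");
        return 1;
    }
    handle = fds[0];
    printf("empty pipe, poll(0ms):  %d (expect 0)\n", safe_poll(handle, 0));
    if (write(fds[1], "x", 1) != 1)
        return 1;
    printf("after write, poll(0ms): %d (expect 1)\n", safe_poll(handle, 0));
    conn_close(&handle);
    printf("after close:            %d (expect %d)\n", safe_poll(handle, 0), EX_CLOSED_FILE);
    printf("garbage fd 123456:      %d (expect %d)\n", safe_poll(123456, 0), EX_BAD_HANDLE);
    close(fds[1]);
    return 0;
}
```

The range check matters as much as the fstat() call: a descriptor that is open but numbered at or above FD_SETSIZE passes fstat() yet still corrupts memory in FD_SET(), so a real implementation would use poll(2) instead of select(2) when it must support many descriptors.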