[issue22583] Segmentation fault with string concatenation
STINNER Victor added the comment: Then, on Ubuntu 14.04, 32-bit: $ python mega_concat.py Segmentation fault (core dumped) What is your Python version? It looks like Ubuntu Trusty provides Python 2.7.6. I'm unable to reproduce the issue on ArchLinux 32-bit with Python 2.7.8. The issue was maybe fixed between 2.7.6 and 2.7.8. [haypo@arch32 ~]$ cat megaconcat.py N = 2**17 my_array = [] for i in range(N): my_array.append(\\) print('+'.join(my_array)) [haypo@arch32 ~]$ python2 -V Python 2.7.8 [haypo@arch32 ~]$ ulimit -v 8000 [haypo@arch32 ~]$ python2 megaconcat.py Traceback (most recent call last): File megaconcat.py, line 5, in module my_array.append(\\) MemoryError -- nosy: +haypo ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue22583 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue22583] Segmentation fault with string concatenation
Josh Rosenberg added the comment: You're supposed to use that code to create a file (the output file is just +...+). If you want something that won't MemoryError generating the file, this is a memory free version of the code to generate the file: import itertools, sys sys.stdout.writelines(itertools.repeat('+', 2**17)) print('') Run that code (saved as whatever file name you like) and pipe the output to mega_concat.py, then run mega_concat.py to repro. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue22583 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue22583] Segmentation fault with string concatenation
New submission from Kevin Dyer: The following can be used to generate a file called mega_concat.py: N = 2**17 my_array = [] for i in range(N): my_array.append(\\) print '+'.join(my_array) Then, on Ubuntu 14.04, 32-bit: $ python mega_concat.py Segmentation fault (core dumped) $ python3 mega_concat.py RuntimeError: maximum recursion depth exceeded during compilation Seems like this is a simple out-of-memory issue. -- components: Interpreter Core messages: 228809 nosy: Kevin.Dyer priority: normal severity: normal status: open title: Segmentation fault with string concatenation type: crash versions: Python 2.7 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue22583 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue22583] Segmentation fault with string concatenation
Josh Rosenberg added the comment: It's not out of memory at all. It's (probably) a blown stack during compilation optimization. Modern Py3 has fixed this by simply preventing silly levels of literal concatenation like this causing indefinite call stack expansion; the older ones just allowed the call stack to grow out of control (and the stack can blow long before memory is exhausted). I doubt a fix would be backported, and a fix for Py3 seems unnecessary unless you can come up with a scenario where the recursion depth error is unacceptable (eval-ing arbitrary user input doesn't count, for obvious reasons). -- nosy: +josh.rosenberg ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue22583 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue22583] Segmentation fault with string concatenation
Kevin Dyer added the comment: Gotcha. Thanks for the explanation. Two questions: 1) Given that it's probably not an out-of-memory issue, is it possible that this could turn into something more malicious? (e.g., an arbitrary code execution vulnerability?) 2) It's not obvious to me why eval-ing arbitrary user input doesn't count. Isn't an interpreter segfault a bad thing, even if it's a somewhat degenerate use case? -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue22583 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com