[issue22583] Segmentation fault with string concatenation

2014-10-09 Thread STINNER Victor 

STINNER Victor added the comment:

 Then, on Ubuntu 14.04, 32-bit:
 $ python mega_concat.py 
 Segmentation fault (core dumped)

What is your Python version? It looks like Ubuntu Trusty provides Python 2.7.6. 
I'm unable to reproduce the issue on ArchLinux 32-bit with Python 2.7.8. The 
issue was maybe fixed between 2.7.6 and 2.7.8.

[haypo@arch32 ~]$ cat megaconcat.py 

N = 2**17
my_array = []
for i in range(N):
  my_array.append(\\)
print('+'.join(my_array))

[haypo@arch32 ~]$ python2 -V
Python 2.7.8

[haypo@arch32 ~]$ ulimit -v 8000
[haypo@arch32 ~]$ python2 megaconcat.py 
Traceback (most recent call last):
  File megaconcat.py, line 5, in module
my_array.append(\\)
MemoryError

--
nosy: +haypo

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue22583
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22583] Segmentation fault with string concatenation

2014-10-09 Thread Josh Rosenberg 

Josh Rosenberg added the comment:

You're supposed to use that code to create a file (the output file is just 
+...+).

If you want something that won't MemoryError generating the file, this is a 
memory free version of the code to generate the file:

import itertools, sys
sys.stdout.writelines(itertools.repeat('+', 2**17))
print('')

Run that code (saved as whatever file name you like) and pipe the output to 
mega_concat.py, then run mega_concat.py to repro.

--

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue22583
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22583] Segmentation fault with string concatenation

2014-10-08 Thread Kevin Dyer 

New submission from Kevin Dyer:

The following can be used to generate a file called mega_concat.py:

N = 2**17
my_array = []
for i in range(N):
  my_array.append(\\)
print '+'.join(my_array)

Then, on Ubuntu 14.04, 32-bit:

$ python mega_concat.py 
Segmentation fault (core dumped)
$ python3 mega_concat.py 
RuntimeError: maximum recursion depth exceeded during compilation

Seems like this is a simple out-of-memory issue.

--
components: Interpreter Core
messages: 228809
nosy: Kevin.Dyer
priority: normal
severity: normal
status: open
title: Segmentation fault with string concatenation
type: crash
versions: Python 2.7

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue22583
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22583] Segmentation fault with string concatenation

2014-10-08 Thread Josh Rosenberg 

Josh Rosenberg added the comment:

It's not out of memory at all. It's (probably) a blown stack during compilation 
optimization. Modern Py3 has fixed this by simply preventing silly levels of 
literal concatenation like this causing indefinite call stack expansion; the 
older ones just allowed the call stack to grow out of control (and the stack 
can blow long before memory is exhausted).

I doubt a fix would be backported, and a fix for Py3 seems unnecessary unless 
you can come up with a scenario where the recursion depth error is unacceptable 
(eval-ing arbitrary user input doesn't count, for obvious reasons).

--
nosy: +josh.rosenberg

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue22583
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue22583] Segmentation fault with string concatenation

2014-10-08 Thread Kevin Dyer 

Kevin Dyer added the comment:

Gotcha. Thanks for the explanation.

Two questions:

1) Given that it's probably not an out-of-memory issue, is it possible that 
this could turn into something more malicious? (e.g., an arbitrary code 
execution vulnerability?)
2) It's not obvious to me why eval-ing arbitrary user input doesn't count. 
Isn't an interpreter segfault a bad thing, even if it's a somewhat degenerate 
use case?

--

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue22583
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com