[issue29494] AddressSanitizer: SEGV on unknown address 0x00009fff8001

New submission from BeginVuln: OS Version : Ubuntu 16.04 LTS Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz Python version : 3.6.0 Normal build cmd : ./configure make Asan build cmd: export CC="/usr/bin/clang -fsanitize=address export

[issue29492] AddressSanitizer: SEGV on unknown address 0x0000a0013639

Christian Heimes added the comment: Please stop flooding the bug tracker with automated messages. All your 'exploits' are using ctypes. ctypes code is not memory safe and can easily trigger all sorts of bugs and crashes. -- nosy: +christian.heimes

[issue29493] AddressSanitizer: SEGV on unknown address 0x000cffff800d

New submission from BeginVuln: OS Version : Ubuntu 16.04 LTS Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz Python version : 3.6.0 Normal build cmd : ./configure make Asan build cmd: export CC="/usr/bin/clang -fsanitize=address export

[issue29492] AddressSanitizer: SEGV on unknown address 0x0000a0013639

New submission from BeginVuln: OS Version : Ubuntu 16.04 LTS Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz Python version : 3.6.0 Normal build cmd : ./configure make Asan build cmd: export CC="/usr/bin/clang -fsanitize=address export

[issue29491] AddressSanitizer: heap-buffer-overflow on address 0x60200000e734

Changes by BeginVuln : -- type: -> security ___ Python tracker ___ ___

[issue29484] AddressSanitizer: heap-buffer-overflow on address 0x60200000e738

Christian Heimes added the comment: _ctypes_test is an internal test helper module. It's not designed to be used outside of tests. The module contains quick and dirty C code for tests. Any bug in _ctypes_test is not a security bug. Feel free to contribute better code, though. --

[issue29491] AddressSanitizer: heap-buffer-overflow on address 0x60200000e734

New submission from BeginVuln: OS Version : Ubuntu 16.04 LTS Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz Python version : 3.6.0 Normal build cmd : ./configure make Asan build cmd: export CC="/usr/bin/clang -fsanitize=address export

[issue29483] AddressSanitizer: heap-buffer-overflow on address 0x60200000e731

Christian Heimes added the comment: _ctypes_test is an internal test helper module. It's not designed to be used outside of tests. The module contains quick and dirty C code for tests. Any bug in _ctypes_test is not a security bug. Feel free to contribute better code, though. --

[issue29490] AddressSanitizer: heap-buffer-overflow on address 0x60200000e72f

New submission from BeginVuln: OS Version : Ubuntu 16.04 LTS Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz Python version : 3.6.0 Normal build cmd : ./configure make Asan build cmd: export CC="/usr/bin/clang -fsanitize=address export

[issue29485] AddressSanitizer: SEGV on unknown address 0x7fab556df550

Stéphane Wirtel added the comment: See #issue29486 -- nosy: +matrixise resolution: -> duplicate stage: -> resolved status: open -> closed ___ Python tracker

[issue29489] AddressSanitizer: SEGV on unknown address 0x7f4a36c604d0

New submission from BeginVuln: OS Version : Ubuntu 16.04 LTS Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz Python version : 3.6.0 Normal build cmd : ./configure make Asan build cmd: export CC="/usr/bin/clang -fsanitize=address export

[issue29488] AddressSanitizer: SEGV on unknown address 0x0001a5525c1b

New submission from BeginVuln: OS Version : Ubuntu 16.04 LTS Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz Python version : 3.6.0 Normal build cmd : ./configure make Asan build cmd: export CC="/usr/bin/clang -fsanitize=address export

[issue29487] AddressSanitizer: heap-buffer-overflow on address 0x60200000e734

New submission from BeginVuln: OS Version : Ubuntu 16.04 LTS Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz Python version : 3.6.0 Normal build cmd : ./configure make Asan build cmd: export CC="/usr/bin/clang -fsanitize=address export

[issue29486] AddressSanitizer: SEGV on unknown address 0x7f16f88e3560

New submission from BeginVuln: OS Version : Ubuntu 16.04 LTS Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz Python version : 3.6.0 Normal build cmd : ./configure make Asan build cmd: export CC="/usr/bin/clang -fsanitize=address export

[issue29485] AddressSanitizer: SEGV on unknown address 0x7fab556df550

New submission from BeginVuln: OS Version : Ubuntu 16.04 LTS Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz Python version : 3.6.0 Normal build cmd : ./configure make Asan build cmd: export CC="/usr/bin/clang -fsanitize=address export

[issue29484] AddressSanitizer: heap-buffer-overflow on address 0x60200000e738

New submission from BeginVuln: OS Version : Ubuntu 16.04 LTS Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz Python version : 3.6.0 Normal build cmd : ./configure make Asan build cmd: export CC="/usr/bin/clang -fsanitize=address export

[issue29483] AddressSanitizer: heap-buffer-overflow on address 0x60200000e731

New submission from BeginVuln: OS Version : Ubuntu 16.04 LTS Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz Python version : 3.6.0 Normal build cmd : ./configure make Asan build cmd: export CC="/usr/bin/clang -fsanitize=address export

[issue29482] AddressSanitizer: attempting double-free on 0x60b000007050

New submission from xGblankGx: OS Version : Ubuntu 16.04 LTS Python download link : https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz Python version : 3.6.0 Normal build cmd : ./configure make Asan build cmd: export CC="/usr/bin/clang -fsanitize=address export

[issue28686] py.exe ignored PATH when using python3 shebang

Eryk Sun added the comment: > it's not possible to tell by inspection the version of a Python > interpreter. If getting the version of python[w].exe is ever required, it should be simple for 3.5+, for which python[w].exe has standard file version information with the product version (i.e.

[issue1353344] python.desktop

Changes by Petr Viktorin : -- nosy: +ncoghlan ___ Python tracker ___ ___

[issue29481] 3.6.0 doc describes 3.6.1 feature - typing.Deque

Changes by Raymond Hettinger : -- assignee: docs@python -> rhettinger nosy: +rhettinger ___ Python tracker ___

[issue29306] Check usage of Py_EnterRecursiveCall() and Py_LeaveRecursiveCall() in new FASTCALL functions

Roundup Robot added the comment: New changeset 1101819ba99afcb4d1b6495d49b17bdd0acfe761 by Victor Stinner in branch 'master': Fix refleaks if Py_EnterRecursiveCall() fails https://github.com/python/cpython/commit/1101819ba99afcb4d1b6495d49b17bdd0acfe761 --

[issue29481] 3.6.0 doc describes 3.6.1 feature - typing.Deque

New submission from Guy Arad: See: - https://docs.python.org/3.6/library/typing.html#typing.Deque - https://docs.python.org/3.5/library/typing.html#typing.Deque `typing.Deque` is expected to be included in 3.6.1: https://docs.python.org/3/whatsnew/changelog.html#python-3-6-1-release-candidate-1

[issue29432] wait_for(gather(...)) logs weird error message

Martin Teichmann added the comment: I added a solution to this problem. I just silence the bad error message by overwriting _GatheringFuture.__del__ to do nothing. This may have undesired side effects, though. -- ___ Python tracker

[issue29480] Mac OSX Installer SSL Roots

R. David Murray added the comment: I thought there was an open issue for using the Apple cert mechanisms natively, but I can't find it. Adding the OSX people to nosy. -- components: +macOS nosy: +ned.deily, r.david.murray, ronaldoussoren versions: +Python 3.7

[issue29478] email.policy.Compat32(max_line_length=None) not as documented

R. David Murray added the comment: That sounds reasonable to me. Clearly there is a missing test :) -- ___ Python tracker ___

[issue29477] Lambda with complex arguments is ctx STORE

R. David Murray added the comment: I presume this is a 2.7 only issue. I'm pretty sure the 2.7 AST isn't going to get changed in 2.7 at this point. -- nosy: +r.david.murray ___ Python tracker

[issue29306] Check usage of Py_EnterRecursiveCall() and Py_LeaveRecursiveCall() in new FASTCALL functions

Roundup Robot added the comment: New changeset 37705f89c72b by Victor Stinner in branch 'default': Fix refleaks if Py_EnterRecursiveCall() fails https://hg.python.org/cpython/rev/37705f89c72b -- ___ Python tracker

[issue29306] Check usage of Py_EnterRecursiveCall() and Py_LeaveRecursiveCall() in new FASTCALL functions

STINNER Victor added the comment: I needed this fix to work on issue #29465. I expected that my patch was reviewed, but woops, it wasn't the case and I missed a refleak. Hopefully, the refleak is now fixed! -- ___ Python tracker

[issue16011] "in" should be consistent with return value of __contains__

R. David Murray added the comment: You've got the right idea, but you are repeating yourself. Keep it as short as possible while still conveying the correct information. "coerce to boolean" is better than "apply bool", because the code may not in fact be using the bool function to do it.

[issue29306] Check usage of Py_EnterRecursiveCall() and Py_LeaveRecursiveCall() in new FASTCALL functions

Roundup Robot added the comment: New changeset 65d24ff4bbd3320acadb58a5e4d944c84536cb2c by Victor Stinner in branch 'master': Issue #29306: Fix usage of Py_EnterRecursiveCall() https://github.com/python/cpython/commit/65d24ff4bbd3320acadb58a5e4d944c84536cb2c --

[issue29466] pickle does not serialize Exception __cause__ field

Serhiy Storchaka added the comment: True. Attributes __context__, __cause__ and __traceback__ are not pickled. The traceback objects are even not pickleable. What is worse, some other non-special attributes are lost during pickling. For example name and path attributes of ImportError. >>>

[issue29306] Check usage of Py_EnterRecursiveCall() and Py_LeaveRecursiveCall() in new FASTCALL functions

STINNER Victor added the comment: I still need to backport fixes to Python 3.6, maybe even Python 3.5. -- ___ Python tracker ___

[issue29480] Mac OSX Installer SSL Roots

New submission from Edward Ned Harvey: I would like to suggest that the OSX installer automatically run "Install Certificates.command", or display a prompt to users saying "Run Now" during installation. Having the readme is helpful - but only after you google for 20 minutes, because of an

[issue29474] Grammatical errors in weakref.WeakValueDictionary docs

Marco Buttu added the comment: The second patch LGTM. In the first one there is a typo (see review). -- nosy: +marco.buttu ___ Python tracker ___

[issue29306] Check usage of Py_EnterRecursiveCall() and Py_LeaveRecursiveCall() in new FASTCALL functions

Roundup Robot added the comment: New changeset 88ed9d9eabc1 by Victor Stinner in branch 'default': Issue #29306: Fix usage of Py_EnterRecursiveCall() https://hg.python.org/cpython/rev/88ed9d9eabc1 -- nosy: +python-dev ___ Python tracker

[issue22594] Add a link to the regex module in re documentation

Marco Buttu added the comment: > With the VERSION0 flag (the default behaviour), it should > behave the same as the re module, and that's not going to change. Thanks for the clarification Matthew. However, the default version will change, as the regex PyPI page points out: "In the short term

[issue29479] httplib: could not skip "ACCEPT-ENCODING" header

song1st added the comment: Sorry, I thought I misunderstood the meaning. I want no "ACCEPT-ENCODING" even "ACCEPT-ENCODING: identity". I tried to modify the code from if 'accept-encoding' in header_names: to if not 'accept-encoding' in header_names: The http request will be no

[issue26204] compiler: ignore constants used as statements (don't emit LOAD_CONST+POP_TOP)

STINNER Victor added the comment: FYI the thread was in February 2016: https://mail.python.org/pipermail/python-dev/2016-February/143163.html "[Python-Dev] Issue #26204: compiler now emits a SyntaxWarning on constant statement" -- ___ Python tracker

[issue29479] httplib: could not skip "ACCEPT-ENCODING" header

Martin Panter added the comment: Please explain what the wrong behaviour that you see is, and what you expect the right behaviour should be. That code is intended to either keep any user-supplied Accept-Encoding header field, or send “Accept-Encoding: identity” if the field is not supplied.

[issue29479] httplib: could not skip "ACCEPT-ENCODING" header

New submission from song1st: When I tried to skip "ACCEPT-ENCODING" of header, I found the behavior was not right. I think the issue is the following two "if" in _send_request of httplib. def _send_request(self, method, url, body, headers): # Honor explicitly requested Host: and

[issue29478] email.policy.Compat32(max_line_length=None) not as documented

New submission from Martin Panter: By default, the email package turns single-line header fields into multi-line ones to try and limit the length of each line. The documentation says that

[issue12741] Add function similar to shutil.move that does not overwrite

Changes by Steven D'Aprano : -- versions: +Python 3.7 -Python 3.3 ___ Python tracker ___

[issue12741] Add function similar to shutil.move that does not overwrite

Changes by Steven D'Aprano : -- nosy: +steven.daprano ___ Python tracker ___ ___

[issue29463] Add `docstring` attribute to AST nodes

STINNER Victor added the comment: Oops, I spoke too fast :-) "1+1" is not removed. "1+1" is replaced with "2" by the peephole optimizer, whereas the compiler ignoring constants comes before the peephole optimizer. One more time, it would be better to implement constant folding at the AST

[issue29463] Add `docstring` attribute to AST nodes

STINNER Victor added the comment: 2017-02-08 10:08 GMT+01:00 INADA Naoki : > 6 def func2(): > 7 """func docstring""" > 8 1+1 1+1 is replaced with 2 and lone integer literals are removed by the peephole optimizer. See also the issue #26204.

[issue29477] Lambda with complex arguments is ctx STORE

New submission from Malthe Borch: Normally, lambda arguments (positional or keyword-based) are ctx PARAM, since they're parameters. But complex (packed) arguments are ctx STORE. This is a problem for AST transformation tools that can't reliably detect the name context. --

[issue29476] Simplify set_add_entry()

Serhiy Storchaka added the comment: Sets often are used in following pattern: def recurse(obj): if subobj not in proceeding: proceeding.add(obj) for subobj in links(obj): recurse(subobj) proceeding.discard(obj) In this case items

[issue29463] Add `docstring` attribute to AST nodes

INADA Naoki added the comment: Oh, I misunderstood something. patched Python 3.7 and system's Python 3.5 shows same output for code below. I'll check what is actually changed. inada-n@x250 ~/w/p/ast-docstring> cat -n x.py 1 """module docstring""" 2 3 def func(): 4

[issue29438] use after free in key sharing dict

Changes by Serhiy Storchaka : -- nosy: +Mark.Shannon, benjamin.peterson, rhettinger, tim.peters versions: +Python 3.5 ___ Python tracker

[issue29438] use after free in key sharing dict

Serhiy Storchaka added the comment: I think same patch should be applied to Python 3.5 too. -- ___ Python tracker ___

[issue29463] Add `docstring` attribute to AST nodes

Serhiy Storchaka added the comment: Support adding tests. Tests should cover all cases: module, class, function, coroutine and check also the first line number. What is the value of co_firstlineno if the function doesn't have any statements? def f(): '''docstring''' --

[issue29438] use after free in key sharing dict

INADA Naoki added the comment: > Why res == 0 is added? If PyDict_SetItem() triggers recursive calling of > _PyObjectDict_SetItem() which calls PyDict_SetItem() it may be possible that > the first PyDict_SetItem() is failed while the dict is changed by the second > PyDict_SetItem() and

[issue29438] use after free in key sharing dict

Serhiy Storchaka added the comment: Okay, if there is no way to test this with certainty, tests may be omitted. Why res == 0 is added? If PyDict_SetItem() triggers recursive calling of _PyObjectDict_SetItem() which calls PyDict_SetItem() it may be possible that the first PyDict_SetItem() is

[issue19217] Calling assertEquals for moderately long list takes too long

STINNER Victor added the comment: unittest_unified_diff.patch: Rebased patch for the default branch. My patch updates also unit tests. The patch changes the test output. If we decide to apply the patch, I propose to only apply it to the default branch (Python 3.7). The bug report is about a

[issue19217] Calling assertEquals for moderately long list takes too long

Changes by STINNER Victor : Added file: http://bugs.python.org/file46574/unified_diff.py ___ Python tracker ___

[issue29463] Add `docstring` attribute to AST nodes

STINNER Victor added the comment: def func(): "doc" + "string" Currently (Python 2.7-3.6), func.__doc__ is None. I suggest to add an unit test for this corner case, even if the result is going to change in a near future. We need to "specify" the expected behaviour, and make sure that we get

<    1   2