Brian Cain added the comment:
Sorry, the report would have been clearer if I'd included a build with symbols
and a stack trace.
The test was inspired by the test from issue24022
(https://hg.python.org/cpython/rev/03b2259c6cd3), it sounds like it should not
have been.
But indeed it seems
Brian Cain added the comment:
Here is a more useful ASan report:
=
==12168==ERROR: AddressSanitizer: heap-use-after-free on address 0x6251e110
at pc 0x00697238 bp 0x7fff412b9240 sp 0x7fff412b9238
READ of size 1
Changes by Brian Cain <brian.c...@gmail.com>:
--
type: -> crash
___
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue25388>
___
___
New submission from Brian Cain:
This issue is similar to (but I believe distinct from) the one reported earlier
as http://bugs.python.org/issue24022. Tokenizer failures strike me as
difficult to exploit, but risky nonetheless.
Attached is a test case that illustrates the problem
Changes by Brian Cain <brian.c...@gmail.com>:
--
title: tokenizer crash/misbehavior -> tokenizer crash/misbehavior -- heap
use-after-free
___
Python tracker <rep...@bugs.python.org>
<http://bugs.pyt
Brian Cain added the comment:
asan output
--
Added file: http://bugs.python.org/file40765/asan.txt
___
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/i
Brian Cain added the comment:
Whoops, that's not right. Corrected.
--
Added file: http://bugs.python.org/file39942/ssl_convert_3rd.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue24655
Brian Cain added the comment:
New patch.
--
Added file: http://bugs.python.org/file39941/ssl_convert_2nd.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue24655
New submission from Brian Cain:
_ssl.c has a convert() macro which misuses the do { ... } while(0) pattern
by accidentally omitting the do.
This was discovered when building with clang, it reports while loop has empty
body. Effectively, convert puts the body into gratuitous scope braces
Brian Cain brian.c...@gmail.com added the comment:
Please don't close the issue.
Joining aside, the basic point (But when size = 7279, the data submitted
reaches 64k, so the writting thread blocks on the write syscall.) is not
clear from the docs, right?
IMO, it would be nice if I could ask my
New submission from Brian Cain brian.c...@gmail.com:
When calling Process' join([timeout]) method, the timeout expiration case is
indistinguishable from the successful join. I suppose the 'exitcode' attribute
can deliver the necessary information, but perhaps join could stand on its own
Brian Cain brian.c...@gmail.com added the comment:
I don't think the problem is limited to when hundreds of megabytes are being
transmitted. I believe I am experiencing a problem with the same root cause
whose symptoms are slightly different. It seems like there's a threshhold
which causes
Brian Cain brian.c...@gmail.com added the comment:
I was able to reproduce the problem on a more recent release.
7279 entries fails, 7278 entries succeeds.
$ ./multiproc3.py
on 3.1.2 (r312:79147, Apr 15 2010, 12:35:07)
[GCC 4.4.3] - Linux mini 2.6.32-26-generic #47-Ubuntu SMP Wed Nov 17 15
Brian Cain brian.c...@gmail.com added the comment:
Detailed stack trace when the failure occurs (gdb_stack_trace.txt)
--
Added file: http://bugs.python.org/file19983/gdb_stack_trace.txt
___
Python tracker rep...@bugs.python.org
http://bugs.python.org
14 matches
Mail list logo