[New-bugs-announce] [issue46615] Segfault in set intersection (&) and difference (-)
Dennis Sweeney
report at bugs.python.org
Wed Feb 2 13:01:22 EST 2022
New submission from Dennis Sweeney <sweeney.dennis650 at gmail.com>:
Maybe related to https://bugs.python.org/issue8420
Somewhat obscure, but using only standard Python, and no frame- or gc-hacks, it looks like we can get a use-after-free:
from random import random
BADNESS = 0.0
class Bad:
def __eq__(self, other):
if random() < BADNESS:
set1.clear()
if random() < BADNESS:
set2.clear()
return True
def __hash__(self):
return 42
SIZE = 100
TRIALS = 10_000
ops = [
"|", "|=",
"==", "!=",
"<", "<=",
">", ">=",
# "&", # crash!
# "&=", # crash!
"^",
# "^=", # crash
# "-", # crash
"-=",
]
for op in ops:
stmt = f"set1 {op} set2"
print(stmt, "...")
for _ in range(TRIALS):
BADNESS = 0.00
set1 = {Bad() for _ in range(SIZE)}
set2 = {Bad() for _ in range(SIZE)}
BADNESS = 0.02
exec(stmt)
print("ok.")
----------
components: Interpreter Core
messages: 412386
nosy: Dennis Sweeney, rhettinger
priority: normal
severity: normal
status: open
title: Segfault in set intersection (&) and difference (-)
type: crash
versions: Python 3.10, Python 3.11, Python 3.9
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue46615>
_______________________________________
More information about the New-bugs-announce
mailing list