python core dump (SIGBUS) on Solaris
Stephen J. Turner
sjturner at ix.netcom.com
Wed Jul 7 11:25:08 EDT 1999
Gary Pennington - UK Performance Centre wrote:
> I've done (a lot) more investigation since yesterday. It appears that the
> problem is being generated inside cPickle in the loads function. I altered the
> Cookie._debabelize function to trap the error more explicitly and found the
> following:-
>
> Test Code :-
>
> str = _unquote(val)
> try:
>     return loads(str)
> except Exception:
>     return str
>
> Python 1.5.2 (#1, Jul 6 1999, 16:50:14) [GCC egcs-2.91.66 19990314
> (egcs-1.1.2 on sunos5
> Copyright 1991-1995 Stichting Mathematisch Centrum, Amsterdam
> >>> import Cookie
> >>> C=Cookie.Cookie()
> >>> C.load("webJudgeUser=garyp;")
> Traceback (innermost last):
>   File "<stdin>", line 1, in ?
>   File "/usr/local/lib/python1.5/Cookie.py", line 544, in load
>     self.__ParseString(rawdata)
>   File "/usr/local/lib/python1.5/Cookie.py", line 572, in __ParseString
>     M.set(K, apply(self.net_setfunc, (V,)), V)
>   File "/usr/local/lib/python1.5/Cookie.py", line 342, in _debabelize
>     return loads(str)
> cPickle.BadPickleGet: path
> >>>
>
> Hmmm, something going wrong in the cPickle loads function not being trapped in
> the exception handler unless you specifically state Exception.
There's a bug in cPickle that causes heap corruption if loads is passed
a string (as opposed to a pickled object) starting with 'g', 'h' or
'j'. Try applying the attached patch to the Python 1.5.2
Modules/cPickle.c source file, recompile python, and then see if the
problem goes away.
Regards,
Stephen
--
Stephen J. Turner <sjturner at ix.netcom.com>
-------------- next part --------------
Index: cPickle.c
===================================================================
RCS file: /projects/cvsroot/python/dist/src/Modules/cPickle.c,v
retrieving revision 2.36
diff -u -r2.36 cPickle.c
--- cPickle.c 1999/06/15 14:36:59 2.36
+++ cPickle.c 1999/07/07 14:57:17
@@ -3017,6 +3017,7 @@
PyObject *py_str = 0, *value = 0;
int len;
char *s;
+ int rc;
if ((len = (*self->readline_func)(self, &s)) < 0) return -1;
if (len < 2) return bad_readline();
@@ -3024,14 +3025,16 @@
UNLESS (py_str = PyString_FromStringAndSize(s, len - 1)) return -1;
value = PyDict_GetItem(self->memo, py_str);
- Py_DECREF(py_str);
if (! value) {
PyErr_SetObject(BadPickleGet, py_str);
- return -1;
- }
+ rc = -1;
+ } else {
+ PDATA_APPEND(self->stack, value, -1);
+ rc = 0;
+ }
- PDATA_APPEND(self->stack, value, -1);
- return 0;
+ Py_DECREF(py_str);
+ return rc;
}
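Review bot: In the new else branch, `PDATA_APPEND(self->stack, value, -1);` is handed -1 as its error result; if the macro returns from the function when the append fails, that path now skips the `Py_DECREF(py_str);` at the bottom and leaks py_str, which the old code had already released by that point. Either release py_str before the append on the success path (it is no longer needed once the lookup has succeeded), or have an append failure set rc = -1 and fall through to the common Py_DECREF.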
@@ -3040,6 +3043,7 @@
PyObject *py_key = 0, *value = 0;
unsigned char key;
char *s;
+ int rc;
if ((*self->read_func)(self, &s, 1) < 0) return -1;
@@ -3047,14 +3051,16 @@
UNLESS (py_key = PyInt_FromLong((long)key)) return -1;
value = PyDict_GetItem(self->memo, py_key);
- Py_DECREF(py_key);
if (! value) {
PyErr_SetObject(BadPickleGet, py_key);
- return -1;
- }
+ rc = -1;
+ } else {
+ PDATA_APPEND(self->stack, value, -1);
+ rc = 0;
+ }
- PDATA_APPEND(self->stack, value, -1);
- return 0;
+ Py_DECREF(py_key);
+ return rc;
}
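Review bot: The relocated `Py_DECREF(py_key);` after the if/else carries no comment, and the reason for its position is not obvious from the code alone: py_key is still passed to `PyErr_SetObject(BadPickleGet, py_key);` on the miss path, so it has to stay alive until then. A one-line comment at the Py_DECREF would stop a later cleanup from moving the release back up beside PyDict_GetItem.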
@@ -3063,6 +3069,7 @@
PyObject *py_key = 0, *value = 0;
unsigned char c, *s;
long key;
+ int rc;
if ((*self->read_func)(self, &s, 4) < 0) return -1;
@@ -3078,14 +3085,16 @@
UNLESS (py_key = PyInt_FromLong((long)key)) return -1;
value = PyDict_GetItem(self->memo, py_key);
- Py_DECREF(py_key);
if (! value) {
PyErr_SetObject(BadPickleGet, py_key);
- return -1;
- }
+ rc = -1;
+ } else {
+ PDATA_APPEND(self->stack, value, -1);
+ rc = 0;
+ }
- PDATA_APPEND(self->stack, value, -1);
- return 0;
+ Py_DECREF(py_key);
+ return rc;
}
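Review bot: This is the third function to get the same lookup, BadPickleGet, PDATA_APPEND, Py_DECREF, return rc tail, differing only in how the key object is built above it. A small static helper that takes the Unpickler and the key and does the lookup and the release in one place would keep the three copies from drifting apart again. The patch also comes without a regression test; one that passes loads a plain string starting with 'g', 'h' and 'j' and expects BadPickleGet would cover all three functions.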
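A regression check for the behaviour described in the reply, as an added example that is not part of the original message or of the Python source tree: it passes non-pickle strings starting with 'g', 'h' and 'j' to pickle.loads in a child interpreter, so a SIGBUS or SIGSEGV is reported as a crash instead of taking down the test run. It assumes the modern pickle module in place of Python 1.5.2's cPickle; SAMPLES, CHILD, probe and run_all are names chosen here.

```python
import subprocess
import sys

# Constructed inputs: plain strings (not pickles) whose first byte is one of the
# GET opcodes named in the reply: 'g' (GET), 'h' (BINGET), 'j' (LONG_BINGET).
SAMPLES = [b"garyp", b"g5\n", b"hello", b"jabcd", b"j"]

# Child program: unpickle the hex-encoded argument and report how it ended.
CHILD = r"""
import pickle, sys
data = bytes.fromhex(sys.argv[1])
try:
    pickle.loads(data)
except Exception as exc:
    print("exception:" + type(exc).__name__)
else:
    print("loaded")
"""


def probe(data, timeout=30):
    """Run pickle.loads(data) in a child interpreter and classify the outcome.

    Returns ("exception", name), ("loaded", None), or ("crash", detail) when the
    child was killed by a signal (negative return code on POSIX) or exited non-zero.
    """
    proc = subprocess.run([sys.executable, "-c", CHILD, data.hex()],
                          capture_output=True, text=True, timeout=timeout)
    out = proc.stdout.strip()
    if proc.returncode < 0:
        return ("crash", "signal %d" % -proc.returncode)
    if proc.returncode != 0:
        return ("crash", "exit %d" % proc.returncode)
    if out.startswith("exception:"):
        return ("exception", out.split(":", 1)[1])
    return ("loaded", None)


def run_all():
    """Probe every constructed sample; a patched unpickler yields only exceptions."""
    return {sample: probe(sample) for sample in SAMPLES}


if __name__ == "__main__":
    for sample, (kind, detail) in run_all().items():
        print("%-10r %-10s %s" % (sample, kind, detail or ""))
```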