[New-bugs-announce] [issue2242] Decoding UTF-7 with "ignore warnings" crashes Python on Windows Vista

Chris Palmer report at bugs.python.org
Thu Mar 6 03:31:03 CET 2008 

New submission from Chris Palmer:

When decoding some data as UTF-7 with the optional "ignore" argument,
Python (I am using 2.5.2) crashes. This happens only on Windows Vista (I
also tried Py 2.5.1 on Windows XP, Ubuntu 7, and FreeBSD 6). To
reproduce, set WinDbg as your post-mortem debugger and run this code:

    import os
    while True:
        a = os.urandom(16).decode("utf7", "ignore")

In WinDbg, you will see that Python died in isalnum with a bad pointer
dereference:

(f64.13b0): Access violation - code c0000005 (!!! second chance !!!)
eax=7c39a550 ebx=018e6837 ecx=0000ffe3 edx=00000003 esi=018edd66
edi=0000ffe3
eip=7c373977 esp=0021fc40 ebp=0000ffe3 iopl=0         nv up ei pl zr na
pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000            
efl=00010246
*** ERROR: Symbol file could not be found.  Defaulted to export symbols
for C:\Windows\system32\MSVCR71.dll -
MSVCR71!isalnum+0x35:
7c373977 0fb70448        movzx   eax,word ptr [eax+ecx*2]
ds:0023:7c3ba516=????
0:000> kb
ChildEBP RetAddr  Args to Child              
WARNING: Stack unwind information not available. Following frames may be
wrong.
0021fc3c 1e0dd81e 0000ffe3 00ff1030 0000012e MSVCR71!isalnum+0x35
00000000 00000000 00000000 00000000 00000000
python25!PyUnicode_DecodeUTF7+0x10e

It seems that a sanity check present in other Windows versions is
missing in Vista. The simplest possible test program:

#include "stdafx.h"
#include <ctype.h>

int _tmain(int argc, _TCHAR* argv[])
{
    isalnum(0xff8b);
    return 0;
}

causes Visual Studio 2005 to raise a debug assertion failure warning. I
guess that the assert is missing in the release build, and Python can be
tricked into providing the unsafe input to isalnum.

----------
components: Interpreter Core
messages: 63303
nosy: cpalmer
severity: normal
status: open
title: Decoding UTF-7 with "ignore warnings" crashes Python on Windows Vista
type: crash
versions: Python 2.5

__________________________________
Tracker <report at bugs.python.org>
<http://bugs.python.org/issue2242>
__________________________________

More information about the New-bugs-announce mailing list