[New-bugs-announce] [issue7758] cPickle segfault on invalid data

Dan Helfman report at bugs.python.org
Fri Jan 22 20:24:15 CET 2010


New submission from Dan Helfman <dan.helfman at noaa.gov>:

The following code causes Python to segfault:

>>> import cPickle
>>> import cStringIO as io
>>> cPickle.load( io.StringIO( '0' ) )

Note that if the string is changed from '0' to '1', then the crash does not occur and an UnpicklingError is properly raised.

This is in MSYS on Windows XP with Python 2.6.4 from python.org:

$ gdb python
GNU gdb 5.2.1
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i686-pc-mingw32"...(no debugging symbols found)...
(gdb) r -c "import cPickle; import cStringIO as io;  cPickle.load( io.StringIO( '0' ) )"
Starting program: c:\python26/python.exe -c "import cPickle; import cStringIO as io;  cPickle.load( io.StringIO( '0' ) )"

Program received signal SIGSEGV, Segmentation fault.
0x1e09ada3 in ?? ()
(gdb) bt
#0  0x1e09ada3 in ?? ()
#1  0x1e0e1fd5 in ?? ()
#2  0x00a4e290 in ?? ()
#3  0x1e1d1d30 in ?? ()
Cannot access memory at address 0x3

And this is on Mac OS X 10.5 with Python 2.6.4 from python.org:

$ gdb python
GNU gdb 6.3.50-20050815 (Apple version gdb-962) (Sat Jul 26 08:14:40 UTC 2008)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-apple-darwin"...Reading symbols for shared libraries .. done

(gdb) r -c "import cPickle; import cStringIO as io; cPickle.load( io.StringIO( '0' ) )"
Starting program: /System/Library/Frameworks/Python.framework/Versions/2.6/bin/python -c "import cPickle; import cStringIO as io; cPickle.load( io.StringIO( '0' ) )"
Reading symbols for shared libraries +. done

Program received signal SIGTRAP, Trace/breakpoint trap.
0x8fe01010 in __dyld__dyld_start ()
(gdb) bt
#0  0x8fe01010 in __dyld__dyld_start ()
Cannot access memory at address 0x4

The same crash occurs on the Mac when using Apple's Python 2.5.1. However, on Linux with Debian stable's Python 2.5.2, I just get an UnpicklingError (stack underflow) exception without a crash.

----------
components: None
messages: 98157
nosy: dhelfman
severity: normal
status: open
title: cPickle segfault on invalid data
type: crash
versions: Python 2.6

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue7758>
_______________________________________
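Added example, not from the original report or from CPython itself: a pre-validation step for Python 3's `pickle` (the successor of the report's `cPickle`) that walks the opcode stream in pure Python with `pickletools` before any C unpickler touches it, so a stream such as the reported `'0'` (a lone POP with nothing on the stack) is rejected up front. The names `UNSAFE_OPCODES`, `check_pickle` and `safe_loads` are chosen here; the sample byte strings are constructed.

```python
import io
import pickle
import pickletools

# Opcodes through which a pickle stream can import and call arbitrary
# callables. A stream from an untrusted source must never contain them.
UNSAFE_OPCODES = frozenset({
    "GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ", "NEWOBJ",
    "NEWOBJ_EX", "BUILD", "EXT1", "EXT2", "EXT4",
})


def check_pickle(data):
    """Return (ok, reason) for a pickle byte string.

    ok is True only if every opcode byte is known, the stream ends with
    STOP, no code-executing opcode is present, and pickletools' stack
    emulation finds no underflow (the report's b'0' is a lone POP).
    """
    try:
        for opcode, _arg, pos in pickletools.genops(data):
            if opcode.name in UNSAFE_OPCODES:
                return False, "unsafe opcode %s at offset %d" % (opcode.name, pos)
    except ValueError as exc:  # truncated stream or unknown opcode byte
        return False, "malformed: %s" % exc
    try:
        # dis() emulates the unpickler stack in pure Python and raises
        # ValueError on stack underflow, a missing MARK, or a non-empty
        # stack after STOP. Its disassembly text is discarded here.
        pickletools.dis(data, out=io.StringIO())
    except ValueError as exc:
        return False, "stack error: %s" % exc
    return True, "ok"


def safe_loads(data):
    """Unpickle only after the stream passes check_pickle()."""
    ok, reason = check_pickle(data)
    if not ok:
        raise pickle.UnpicklingError(reason)
    return pickle.loads(data)


if __name__ == "__main__":
    # Constructed samples: the report's input, the same POP followed by
    # STOP, a GLOBAL import, and a legitimate protocol-2 list [1, 2].
    for sample in (b"0", b"0.", b"cbuiltins\nprint\n.",
                   b"\x80\x02]q\x00(K\x01K\x02e."):
        print(repr(sample), "->", check_pickle(sample))
```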
