[New-bugs-announce] [issue17289] readline.set_completer_delims() doesn't play well with others

Bradley Froehle report at bugs.python.org
Sun Feb 24 18:32:42 CET 2013


New submission from Bradley Froehle:

The `readline.set_completer_delims` doesn't play well with others because
it assumes that only it ever allocates or modifies the
rl_completer_word_break_characters buffer.  If other programs modify this
value, for example changing it from heap allocated space to stack
allocated space, the results can be catastrophic.

To remind you, the function essentially works as:

    set_completer_delims(PyObject *self, PyObject *args)
    {
        // ...
        free((void*) rl_completer_word_break_characters;
        rl_completer_word_break_characters = strdup(break_chars);
        // ...
    }

where `break_chars` is the user provided string.

Take, for example, R as another programs which changes the readline
completer strings.  When an embedded R instance is initialized (say, using
`r2py`) something similar to the following takes place::

    static void
    set_rl_completer_word_break_characters(const char *new)
    {
        static char[201] buffer;
        strncpy(buffer, new, 200);
        rl_completer_word_break_characters = buffer;
    }

    static void
    initialize_embedded_R(...)
    {
        // ...
        set_rl_completer_word_break_characters(...);
    }

As you might expect the next trip through `readline.set_completer_delims`
after initializing R will be catastrophic when we attempt to free a stack
allocate buffer.

I think we should consider modifying the `readline.set_completer_delims`
to store the allocated buffers in the module state::

    set_completer_delims(PyObject *self, PyObject *args)
    {
        // ...
        free(_readlinestate_global->break_chars);
        rl_completer_word_break_characters = strdup(break_chars);
        _readlinestate_global->break_chars = rl_completer_word_break_characters;
        // ...
    }

This would prevent the segfault and memory leaks, and would render weird
hacks (like https://bitbucket.org/lgautier/rpy2/commits/408bae913653 in
the r2py code) unnecessary.

----------
components: Extension Modules
messages: 182882
nosy: bfroehle
priority: normal
severity: normal
status: open
title: readline.set_completer_delims() doesn't play well with others
type: crash
versions: Python 2.7, Python 3.2, Python 3.3, Python 3.4

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue17289>
_______________________________________


More information about the New-bugs-announce mailing list