[Patches] [ python-Patches-1005778 ] Avoid seg fault if list object is modified during list.index
SourceForge.net
noreply at sourceforge.net
Mon Aug 9 07:34:08 CEST 2004
Patches item #1005778, was opened at 2004-08-09 05:34
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=1005778&group_id=5470
Category: Core (C code)
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Dima Dorfman (ddorfman)
Assigned to: Nobody/Anonymous (nobody)
Summary: Avoid seg fault if list object is modified during list.index
Initial Comment:
The list.index implementation can be coerced into indexing past
the end of ob_item. It calls PyObject_RichCompareBool (which
may call into Python) in a loop, but the loop counter is only
checked against a cached copy of the list size, so if the list
shrinks during the comparison, the next counter value may be out
of bounds. The patch includes a test case that causes unpatched
Pythons to seg fault.
I checked the other uses of PyObject_RichCompareBool in
listobject.c, and all of them look safe (but I mostly glossed over
the mergesort uses, which I'm sure have been painstakingly
verified and tested by its author).
(NB: The change to list_tests.py references the revision number of
the post-patch listobject.c. When this is committed, please make
sure that that revision number is still current.)
----------------------------------------------------------------------
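The condition described in the report can be checked on any interpreter build with a small regression probe. This is an added example, not the test case shipped with the patch; `ShrinkingItem`, `probe_index`, `clear_all` and `drop_last` are hypothetical names, and the expected comparison counts assume a CPython whose `list.index` loop re-reads the list size on every iteration.

```python
class ShrinkingItem:
    """Constructed element: every == comparison shrinks the list being searched."""
    calls = 0  # comparison counter shared by all instances

    def __init__(self, victim, shrink):
        self.victim = victim
        self.shrink = shrink

    def __eq__(self, other):
        # This runs inside list.index, i.e. during PyObject_RichCompareBool.
        ShrinkingItem.calls += 1
        self.shrink(self.victim)
        return False


def clear_all(lst):
    """Empty the list on the first comparison."""
    del lst[:]


def drop_last(lst):
    """Remove one trailing element per comparison."""
    lst.pop()


def probe_index(shrink, size=100):
    """Call list.index on a list that shrinks mid-search.

    Returns (outcome, comparisons_made, final_length). A safe interpreter
    stops as soon as the loop counter reaches the *current* length and
    raises ValueError; it never reads a slot past the live end of the list.
    """
    ShrinkingItem.calls = 0
    victim = []
    victim[:] = [ShrinkingItem(victim, shrink) for _ in range(size)]
    try:
        victim.index(None)  # None is never found, so every live slot is visited
        outcome = "found"
    except ValueError:
        outcome = "ValueError"
    return outcome, ShrinkingItem.calls, len(victim)


if __name__ == "__main__":
    for name, shrink in (("clear_all", clear_all), ("drop_last", drop_last)):
        print(name, probe_index(shrink))
```

With `drop_last`, the search stops after 50 comparisons on a 100-element list, which shows the bound is taken from the live size rather than a cached copy.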