[ python-Bugs-1088891 ] _sre.c references uninitialised memory
SourceForge.net
noreply at sourceforge.net
Tue Dec 21 09:10:54 CET 2004
Bugs item #1088891, was opened at 2004-12-21 19:10
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1088891&group_id=5470
Category: Regular Expressions
Group: Python 2.4
Status: Open
Resolution: None
Priority: 7
Submitted By: Andrew McNamara (andrewmcnamara)
Assigned to: Gustavo Niemeyer (niemeyer)
Summary: _sre.c references uninitialised memory
Initial Comment:
In _sre.c, data_stack_grow(), realloc'ed memory is not initialised
before use. When complex regexps are used, this results in a core
dump.
Initialising the newly allocated memory to 0x55 and executing an
offending regexp results in a fatal reference to an address like
0x55555558:
    static int
    data_stack_grow(SRE_STATE* state, int size)
    {
        int minsize, cursize;
        minsize = state->data_stack_base+size;
        cursize = state->data_stack_size;
        if (cursize < minsize) {
            void* stack;
            cursize = minsize+minsize/4+1024;
            TRACE(("allocate/grow stack %d\n", cursize));
            stack = realloc(state->data_stack, cursize);
            if (!stack) {
                data_stack_dealloc(state);
                return SRE_ERROR_MEMORY;
            }
            /* Diagnostic fill: poison only the newly allocated tail.
               Cast to char* because arithmetic on void* is not standard C. */
            memset((char*)stack+state->data_stack_size, 0x55,
                   cursize-state->data_stack_size);
            state->data_stack = stack;
            state->data_stack_size = cursize;
        }
        return 0;
    }
----------------------------------------------------------------------
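The diagnostic the report describes, poison-filling only the tail that realloc() adds so that a read of a never-written slot yields a recognisable value, shown as an added C example that is not code from _sre.c or from the report. demo_stack, demo_stack_grow, demo_read_ptr, looks_poisoned and demo_run are hypothetical names; the growth formula follows the posted function.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define POISON 0x55  /* same fill byte the report uses */

/* Hypothetical stand-in for the matcher state; not the real SRE_STATE. */
typedef struct { unsigned char *data; size_t size, base; } demo_stack;

/* Grow so `need` more bytes fit above base; poison only the new tail. */
static int demo_stack_grow(demo_stack *s, size_t need) {
    size_t minsize = s->base + need;
    if (s->size < minsize) {
        size_t newsize = minsize + minsize / 4 + 1024;
        unsigned char *p = realloc(s->data, newsize);
        if (!p)
            return -1;  /* the old block is untouched and still owned by s */
        memset(p + s->size, POISON, newsize - s->size);
        s->data = p;
        s->size = newsize;
    }
    return 0;
}

/* Read a pointer-sized value at byte offset `off` (memcpy avoids alignment traps). */
static uintptr_t demo_read_ptr(const demo_stack *s, size_t off) {
    uintptr_t v;
    memcpy(&v, s->data + off, sizeof v);
    return v;
}

/* True if every byte of v is POISON, i.e. the slot was read before being written. */
static int looks_poisoned(uintptr_t v) {
    uintptr_t pattern;
    memset(&pattern, POISON, sizeof pattern);
    return v == pattern;
}

/* Returns 1 if written data survives a grow and the unwritten slots read as poison. */
static int demo_run(void) {
    demo_stack s = {0};
    uintptr_t marker = 0x1234;  /* constructed sample value */
    if (demo_stack_grow(&s, sizeof marker)) return 0;
    memcpy(s.data, &marker, sizeof marker);
    s.base = sizeof marker;
    size_t old = s.size;
    if (demo_stack_grow(&s, 4096)) { free(s.data); return 0; }
    int ok = demo_read_ptr(&s, 0) == marker && looks_poisoned(demo_read_ptr(&s, old))
             && looks_poisoned(demo_read_ptr(&s, s.base));
    free(s.data);
    return ok;
}
```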