[issue43740] Long paths in imp.load_dynamic() lead to segfault

[Thomas Jollans]

Thomas Jollans <tjol at tjol.eu> added the comment:

I cannot reproduce this on my OpenSUSE (glibc 2.33, Linux 5.12.4) or Ubuntu 20.04 (glibc 2.31, Linux 5.4.0) machines, but I can reproduce it on an old Debian Stretch VM I happened to have lying around (glibc 2.24, Linux 4.9.0). (FreeBSD 12.2 and Windows 10 also fine.)

This doesn't look like a bug in Python, but like a bug in glibc (and Apple's libc?) (or Linux?) that is fixed in current versions.

This C program produces the same result - segfault on old Linux, error message on new Linux.

#include <stdio.h>
#include <dlfcn.h>
#include <stdlib.h>
#include <string.h>

static const char *FRAGMENT =  "abs/";
#define REPEATS 10000000

int main()
{
        size_t fragment_len = strlen(FRAGMENT);
        size_t len = fragment_len * REPEATS;
        char *name = malloc(len + 1);
        name[len] = '\0';
        for (char *p = name; p < name + len; p += fragment_len) {
                memcpy(p, FRAGMENT, fragment_len);
        }
        
        void *handle = dlopen(name, RTLD_LAZY);
        if (handle == NULL) {
                printf("Failed:\n%s\n", dlerror());
                free(name);
                return 1;
        } else {
                printf("Success.");
                dlclose(handle);
                free(name);
                return 0;
        }
}

----------
nosy: +tjollans

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue43740>
_______________________________________