Bugs item #1088891, was opened at 2004-12-21 19:10
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1088891&group_id=5470

Category: Regular Expressions
Group: Python 2.4
Status: Open
Resolution: None
Priority: 7
Submitted By: Andrew McNamara (andrewmcnamara)
Assigned to: Gustavo Niemeyer (niemeyer)
Summary: _sre.c references uninitialised memory

Initial Comment:
In _sre.c, data_stack_grow(), realloc'ed memory is not initialised
before use. When complex regexps are used, this results in a core
dump. Initialising the newly allocated memory to 0x55 and executing
an offending regexp results in a fatal reference to an address like
0x55555558:

    static int
    data_stack_grow(SRE_STATE* state, int size)
    {
        int minsize, cursize;
        minsize = state->data_stack_base+size;
        cursize = state->data_stack_size;
        if (cursize < minsize) {
            void* stack;
            cursize = minsize+minsize/4+1024;
            TRACE(("allocate/grow stack %d\n", cursize));
            stack = realloc(state->data_stack, cursize);
            if (!stack) {
                data_stack_dealloc(state);
                return SRE_ERROR_MEMORY;
            }
            memset(stack+state->data_stack_size, 0x55,
                   cursize-state->data_stack_size);
            state->data_stack = stack;
            state->data_stack_size = cursize;
        }
        return 0;
    }
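
The poison-fill diagnostic described in the report, as a stand-alone added example (not code from the report or from CPython): a growable buffer whose newly realloc'ed tail is filled with 0x55, plus a reader that refuses slots that were never written. The names grow_stack, stack_grow, stack_push and stack_read_ptr are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define POISON 0x55 /* same fill byte the report uses */

/* Hypothetical stand-in for the data_stack fields of SRE_STATE. */
struct grow_stack { unsigned char *data; size_t size, base; };

/* Make room for `need` more bytes; poison only the newly added tail.
   Returns 0 on success, -1 if realloc fails (old buffer left intact). */
int stack_grow(struct grow_stack *s, size_t need)
{
    size_t minsize = s->base + need;
    if (s->size < minsize) {
        size_t newsize = minsize + minsize / 4 + 1024;
        unsigned char *p = realloc(s->data, newsize);
        if (!p)
            return -1;
        /* realloc keeps [0, old size); the rest is indeterminate */
        memset(p + s->size, POISON, newsize - s->size);
        s->data = p;
        s->size = newsize;
    }
    return 0;
}

/* Append n bytes, growing first if required. */
int stack_push(struct grow_stack *s, const void *src, size_t n)
{
    if (stack_grow(s, n) != 0)
        return -1;
    memcpy(s->data + s->base, src, n);
    s->base += n;
    return 0;
}

/* Read a pointer-sized slot only if it lies wholly inside the written
   region [0, base); -1 means the slot holds poison, not real data. */
int stack_read_ptr(const struct grow_stack *s, size_t off, uintptr_t *out)
{
    if (off > s->base || s->base - off < sizeof *out)
        return -1;
    memcpy(out, s->data + off, sizeof *out);
    return 0;
}

int main(void)
{
    struct grow_stack s = {0};
    uintptr_t v = 0x1234, out = 0;
    if (stack_push(&s, &v, sizeof v) != 0) return 1;
    printf("unwritten read rc=%d, tail byte=0x%02x\n",
           stack_read_ptr(&s, s.base, &out), s.data[s.base]);
    free(s.data);
    return 0;
}
```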