New submission from Gregory P. Smith <[EMAIL PROTECTED]>:

In _PyUnicode_New() a unicode object is taken from the freelist but if
the unicode_resize() call fails and returns -1, the goto onerror calls
_Py_ForgetReference on the unicode object... But it has NULL _ob_prev
and _ob_next values causing a crash when they're used.

How to reproduce:

* Make a 32-bit --with-pydebug build of Python trunk.
* Run it on a machine with lots of RAM (at least 3 gigs recommended, or
lots of swap and a heap of patience):

./python
Python 2.6a2+ (trunk:62336M, Apr 13 2008, 18:51:30)
>>> msg = 'A'*2000111222
>>> x = msg.decode('utf8')

It segmentation faults in _Py_ForgetReference.

----------
messages: 65456
nosy: gregory.p.smith
severity: normal
status: open
title: _Py_ForgetReference crash when called from _PyUnicode_New on MemoryError
type: crash
versions: Python 2.6

__________________________________
Tracker <[EMAIL PROTECTED]>
<http://bugs.python.org/issue2629>
__________________________________
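
The failure mode described in the report, as an added example (a simplified model, not CPython source and not the fix the project adopted). The struct, the function names, the `limit` parameter and the `link_first` switch are assumptions made for illustration; `forget_reference` returns -1 at the point where a trace-refs build would dereference the NULL `_ob_prev`/`_ob_next` of an object that was never put back on the reference chain.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy model of a trace-refs debug build: every live object is linked into a
   doubly linked chain through _ob_prev/_ob_next (hypothetical layout). */
typedef struct obj {
    struct obj *_ob_next, *_ob_prev;
    size_t length;
} obj;

static obj refchain = { &refchain, &refchain, 0 };

static void new_reference(obj *op) {          /* stands in for _Py_NewReference */
    op->_ob_next = refchain._ob_next;
    op->_ob_prev = &refchain;
    refchain._ob_next->_ob_prev = op;
    refchain._ob_next = op;
}

static int forget_reference(obj *op) {        /* stands in for _Py_ForgetReference */
    if (op->_ob_prev == NULL || op->_ob_next == NULL)
        return -1;                            /* the real code crashes here */
    op->_ob_next->_ob_prev = op->_ob_prev;
    op->_ob_prev->_ob_next = op->_ob_next;
    op->_ob_next = op->_ob_prev = NULL;       /* unlinked objects carry NULL links */
    return 0;
}

static int resize(obj *op, size_t n, size_t limit) {  /* stands in for unicode_resize */
    if (n > limit)
        return -1;                            /* simulated MemoryError */
    op->length = n;
    return 0;
}

/* Reuse a cached object. Returns 1 on success, 0 on a clean error path,
   -1 when the error path would have crashed. */
static int alloc_from_freelist(obj *cached, size_t n, size_t limit, int link_first) {
    if (link_first)
        new_reference(cached);
    if (resize(cached, n, limit) < 0)
        return forget_reference(cached);      /* the "goto onerror" path */
    if (!link_first)
        new_reference(cached);
    return 1;
}

int main(void) {
    obj a = { NULL, NULL, 0 }, b = { NULL, NULL, 0 };
    printf("resize before linking: %d\n", alloc_from_freelist(&a, 2000111222u, 1000, 0));
    printf("link before resize:    %d\n", alloc_from_freelist(&b, 2000111222u, 1000, 1));
    return 0;
}
```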