New submission from Gregory P. Smith:

The readline module causes memory corruption (sometimes a crash) when the sys.stdin file descriptor is out of bounds for its FD_SET() call within readline.c's readline_until_enter_or_signal() function.
https://github.com/python/cpython/blob/master/Modules/readline.c#L1228

A tiny program reproducing this problem is attached.

FD_SET should not be used if the file descriptor is too large for use in select() (i.e. >= FD_SETSIZE).

OTOH, we should probably just ditch select() entirely and use poll() here so that this issue does not exist.

On Python 2.7-3.6 we probably need to preserve both select and poll options for platform compatibility reasons since those shipped that way.

For Python 3.7 I suggest we stop supporting platforms that do not have poll() unless anyone knows of any that actually exist.

----------
components: Extension Modules
files: crash_readline_fdset.py
messages: 288825
nosy: gregory.p.smith
priority: normal
severity: normal
stage: needs patch
status: open
title: readline memory corruption when sys.stdin fd >= FD_SETSIZE for select()
type: crash
versions: Python 2.7, Python 3.5, Python 3.6, Python 3.7
Added file: http://bugs.python.org/file46689/crash_readline_fdset.py

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue29700>
_______________________________________
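The two remedies named in the report (a bounds check before FD_SET(), or poll() instead of select()), sketched as an added example; this is not code from readline.c or from the attached reproducer. The function names and the pipe-based test descriptor are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

/* select() path: FD_SET() on fd >= FD_SETSIZE writes outside the fd_set,
 * so refuse such descriptors before touching the set. */
int wait_readable_select(int fd, int timeout_ms) {
    if (fd < 0 || fd >= FD_SETSIZE) { errno = EINVAL; return -1; }
    fd_set rfds;
    struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
    FD_ZERO(&rfds);
    FD_SET(fd, &rfds);
    return select(fd + 1, &rfds, NULL, NULL, &tv);
}

/* poll() path: the descriptor is passed by value, so its size is no limit. */
int wait_readable_poll(int fd, int timeout_ms) {
    struct pollfd p = { .fd = fd, .events = POLLIN };
    int n = poll(&p, 1, timeout_ms);
    if (n > 0 && (p.revents & POLLNVAL)) { errno = EBADF; return -1; }
    return n;   /* 1 = readable or EOF, 0 = timeout, -1 = error */
}

/* Constructed input: read end of a pipe holding one byte, duplicated to a
 * descriptor number >= min_fd. Returns -1 if RLIMIT_NOFILE does not allow it. */
int ready_fd_at_least(int min_fd) {
    struct rlimit rl;
    int p[2], fd;
    if (getrlimit(RLIMIT_NOFILE, &rl) == 0 && rl.rlim_cur < rl.rlim_max) {
        rl.rlim_cur = rl.rlim_max;      /* raise soft limit to the hard limit */
        setrlimit(RLIMIT_NOFILE, &rl);
    }
    if (pipe(p) != 0) return -1;
    fd = (write(p[1], "x", 1) == 1) ? fcntl(p[0], F_DUPFD, min_fd) : -1;
    close(p[0]);
    close(p[1]);
    return fd;
}

int main(void) {
    int lo = ready_fd_at_least(0), hi = ready_fd_at_least(FD_SETSIZE);
    printf("fd %d: select=%d poll=%d\n", lo, wait_readable_select(lo, 0), wait_readable_poll(lo, 0));
    printf("fd %d: select=%d poll=%d\n", hi, wait_readable_select(hi, 0), wait_readable_poll(hi, 0));
    return 0;
}
```

When the process can open a descriptor numbered FD_SETSIZE or higher, the select() wrapper rejects it with EINVAL while the poll() wrapper reports it readable.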