New submission from Christian Schubert <b...@apexo.de>: invoking select.poll.poll() concurrently from multiple threads frequently yields garbage in one thread:
while poll_poll in thread 1 is parsing its result, another thread 2 calling poll may overwrite revents; assuming poll_result was 1 in thread 1 and thread 2 managed to clear all revents before thread 1 started scanning ufds, thread 1 would iterate straight through all ufds, past its bounds (no bound checks there), and return the first out-of-bounds entry that happens to have revents != 0 this issue needs at least documentation (although bounds-checking to prevent garbage in the result wouldn't hurt) also, since there doesn't seem to be any locking w/ regards to ufds, it might be possible to corrupt python's heap, by concurrently invoking poll_register and poll_poll. poll_register could move the ufds array to another location while resizing it and poll_poll would subsequently overwrite memory that is not allocated anymore or allocated by someone else (did not test that) python 2.5.5 ---------- assignee: d...@python components: Documentation, Library (Lib) messages: 106815 nosy: apexo, d...@python priority: normal severity: normal status: open title: select.poll is not thread safe type: behavior versions: Python 2.5 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue8865> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
