Brian Cain added the comment:
Here is a more useful ASan report:
=
==12168==ERROR: AddressSanitizer: heap-use-after-free on address 0x6251e110
at pc 0x00697238 bp 0x7fff412b9240 sp 0x7fff412b9238
READ of size 1 at
Brian Cain added the comment:
Sorry, the report would have been clearer if I'd included a build with symbols
and a stack trace.
The test was inspired by the test from issue24022
(https://hg.python.org/cpython/rev/03b2259c6cd3), it sounds like it should not
have been.
But indeed it
Changes by Brian Cain :
--
type: -> crash
___
Python tracker
<http://bugs.python.org/issue25388>
___
___
Python-bugs-list mailing list
Unsubscrib
Changes by Brian Cain :
--
title: tokenizer crash/misbehavior -> tokenizer crash/misbehavior -- heap
use-after-free
___
Python tracker
<http://bugs.python.org/issu
Brian Cain added the comment:
asan output
--
Added file: http://bugs.python.org/file40765/asan.txt
___
Python tracker
<http://bugs.python.org/issue25388>
___
___
New submission from Brian Cain:
This issue is similar to (but I believe distinct from) the one reported earlier
as http://bugs.python.org/issue24022. Tokenizer failures strike me as
difficult to exploit, but risky nonetheless.
Attached is a test case that illustrates the problem and the
Brian Cain added the comment:
Whoops, that's not right. Corrected.
--
Added file: http://bugs.python.org/file39942/ssl_convert_3rd.patch
___
Python tracker
<http://bugs.python.org/is
Brian Cain added the comment:
New patch.
--
Added file: http://bugs.python.org/file39941/ssl_convert_2nd.patch
___
Python tracker
<http://bugs.python.org/issue24
New submission from Brian Cain:
_ssl.c has a "convert()" macro which misuses the "do { ... } while(0)" pattern
by accidentally omitting the "do".
This was discovered when building with clang, it reports "while loop has empty
body". Effectively, con
Brian Cain added the comment:
Please don't close the issue.
Joining aside, the basic point ("But when size = 7279, the data submitted
reaches 64k, so the writting thread blocks on the write syscall.") is not
clear from the docs, right?
IMO, it would be nice if I could ask my qu
New submission from Brian Cain :
When calling Process' join([timeout]) method, the timeout expiration case is
indistinguishable from the successful join. I suppose the 'exitcode' attribute
can deliver the necessary information, but perhaps join could stand on its own.
If join
Brian Cain added the comment:
Detailed stack trace when the failure occurs (gdb_stack_trace.txt)
--
Added file: http://bugs.python.org/file19983/gdb_stack_trace.txt
___
Python tracker
<http://bugs.python.org/issue8
Brian Cain added the comment:
I was able to reproduce the problem on a more recent release.
7279 entries fails, 7278 entries succeeds.
$ ./multiproc3.py
on 3.1.2 (r312:79147, Apr 15 2010, 12:35:07)
[GCC 4.4.3] - Linux mini 2.6.32-26-generic #47-Ubuntu SMP Wed Nov 17 15:59:05
UTC 2010 i686
Brian Cain added the comment:
I don't think the problem is limited to when hundreds of megabytes are being
transmitted. I believe I am experiencing a problem with the same root cause
whose symptoms are slightly different. It seems like there's a threshhold
which causes not m
14 matches
Mail list logo
