[issue7458] crash in str.find() and str.rfind() with invalid start value

2009-12-08 Thread flox
flox added the comment: I reviewed the patch, and it seems partially redundant. Actually the "find" method was not broken. There is already a test "if (str_len < 0) return -1;" for this one. See attached patch. -- Added file: http://bugs.python.org/file15501/issue7458_rfind.diff

[issue7458] crash in str.find() and str.rfind() with invalid start value

2009-12-08 Thread STINNER Victor
Changes by STINNER Victor : Removed file: http://bugs.python.org/file15495/str_find-2.patch ___ Python tracker ___ ___ Python-bugs-list mailing

[issue7458] crash in str.find() and str.rfind() with invalid start value

2009-12-08 Thread STINNER Victor
Changes by STINNER Victor: Removed file: http://bugs.python.org/file15493/CRASH_rfind.py

[issue7458] crash in str.find() and str.rfind() with invalid start value

2009-12-08 Thread STINNER Victor
Changes by STINNER Victor: Removed file: http://bugs.python.org/file15492/str_find.patch

[issue7458] crash in str.find() and str.rfind() with invalid start value

2009-12-08 Thread STINNER Victor
Changes by STINNER Victor: Removed file: http://bugs.python.org/file15496/str_find-3.patch

[issue7458] crash in str.find() and str.rfind() with invalid start value

2009-12-08 Thread STINNER Victor
STINNER Victor added the comment: sys.maxint/sys.maxsize: oops, sys.maxsize *does* exist (in Python >= 2.6), sorry. Here is a new patch using sys.maxsize. Anyway, sys.maxsize sounds better because the integer overflow occurs in a Py_ssize_t variable (j). -- Added file: http://bugs.pyth

[issue7458] crash in str.find() and str.rfind() with invalid start value

2009-12-08 Thread STINNER Victor
STINNER Victor added the comment:
pitrou> You shouldn't hardcode 1 << 63 and 1 << 64, but calculate
pitrou> them based on sys.maxsize instead.
(sys.maxint) Yes, you're right. Does str_find-3.patch look better? It's not easy to always detect a Heisenbug :-)
-- Added file: http://bugs.

[issue7458] crash in str.find() and str.rfind() with invalid start value

2009-12-08 Thread Antoine Pitrou
Antoine Pitrou added the comment: You shouldn't hardcode 1 << 63 and 1 << 64, but calculate them based on sys.maxsize instead. -- nosy: +pitrou

[issue7458] crash in str.find() and str.rfind() with invalid start value

2009-12-08 Thread flox
flox added the comment: I got it to crash (2.7): ~ $ ./python Lib/test/regrtest.py string_tests test_unicode test_str test_unicode test test_unicode failed -- Traceback (most recent call last): AssertionError: -1 != -8276732 test_str test test_str failed -- Traceback (most recent call last): A

[issue7458] crash in str.find() and str.rfind() with invalid start value

2009-12-08 Thread STINNER Victor
STINNER Victor added the comment: New patch with a more stable test. test_unicode does also fail (error or crash) without the patch on find.h. -- Added file: http://bugs.python.org/file15495/str_find-2.patch

[issue7458] crash in str.find() and str.rfind() with invalid start value

2009-12-08 Thread STINNER Victor
STINNER Victor added the comment:
> This bug does not occur on Debian 64 bits.
It does, sometimes :-) Reading uninitialized memory doesn't always crash.
$ python -c "'ab'.rfind('xxx', (1 << 63) + 10, 0)"
Erreur de segmentation
Note: my 64 bits test in CRASH_rfind.py is wrong, ctypes.c_long

[issue7458] crash in str.find() and str.rfind() with invalid start value

2009-12-08 Thread flox
flox added the comment: This bug does not occur on Debian 64 bits.
~ $ uname -srvm
Linux 2.6.30-bpo.1-amd64 #1 SMP Mon Aug 17 08:42:50 UTC 2009 x86_64
Tested with variants:
from random import getrandbits
self.checkequal(-1, 'ab', 'find', 'xxx', getrandbits(64), 0)
self

[issue7458] crash in str.find() and str.rfind() with invalid start value

2009-12-08 Thread STINNER Victor
STINNER Victor added the comment: The bug was introduced in Python 2.5 during the needforspeed sprint: r46469 (May 27 2006). http://wiki.python.org/moin/NeedForSpeed Python < 2.5 is not affected, Python 3.x is affected. CRASH_rfind.py is more stable and should always crash if your Python versi

[issue7458] crash in str.find() and str.rfind() with invalid start value

2009-12-08 Thread STINNER Victor
STINNER Victor added the comment: In my test, start=6287518193 is an arbitrary value, it may crash or not. The test might use any random integer > 0.

[issue7458] crash in str.find() and str.rfind() with invalid start value

2009-12-08 Thread STINNER Victor
Changes by STINNER Victor: -- keywords: +patch Added file: http://bugs.python.org/file15492/str_find.patch

[issue7458] crash in str.find() and str.rfind() with invalid start value

2009-12-08 Thread STINNER Victor
New submission from STINNER Victor: str.find() and str.rfind() read non-initialized memory (using memcmp()) if start is bigger than end. Attached patch fixes the issue and includes a patch. -- components: Interpreter Core messages: 96117 nosy: haypo severity: normal status: open title