Public bug reported:

Bug description:
The locale module of the CPython interpreter uses dcigettext.c. When locale.dgettext()
is called with a long text, it crashes. (Short text is fine.)


======================================================
Python 3.10.0a6 (default, Mar 19 2021, 11:45:56) [GCC 7.5.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import locale;locale.dgettext('abs'*10000000,'')
Segmentation fault (core dumped)


Testing with valgrind: 
======================================================
~$ PYTHONMALLOC=malloc_debug valgrind python
Memcheck, a memory error detector
==4870== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==4870== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info
==4870== Command: /home/xxm/Desktop/apifuzz/Python-3.10.0a6/python
==4870== 
Python 3.10.0a6 (default, Mar 19 2021, 11:45:56) [GCC 7.5.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import locale
>>> locale.dgettext('abs'*10000000,'')
==4870== Warning: client switching stacks?  SP change: 0x1ffefff5c0 --> 
0x1ffd363220
==4870==          to suppress, use: --max-stackframe=30000032 or greater
==4870== Invalid write of size 8
==4870==    at 0x5797E88: __dcigettext (dcigettext.c:675)
==4870==  Address 0x1ffd363218 is on thread 1's stack
==4870== 
==4870== 
==4870== Process terminating with default action of signal 11 (SIGSEGV)
==4870==  Access not within mapped region at address 0x1FFD363218
==4870==    at 0x5797E88: __dcigettext (dcigettext.c:675)
==4870==  If you believe this happened as a result of a stack
==4870==  overflow in your program's main thread (unlikely but
==4870==  possible), you can try to increase the size of the
==4870==  main thread stack using the --main-stacksize= flag.
==4870==  The main thread stack size used in this run was 8388608.
==4870== Invalid write of size 8
==4870==    at 0x4A2867A: _vgnU_freeres (vg_preloaded.c:57)
==4870==  Address 0x1ffd363210 is on thread 1's stack
==4870== 
==4870== 
==4870== Process terminating with default action of signal 11 (SIGSEGV)
==4870==  Access not within mapped region at address 0x1FFD363210
==4870==    at 0x4A2867A: _vgnU_freeres (vg_preloaded.c:57)
==4870==  If you believe this happened as a result of a stack
==4870==  overflow in your program's main thread (unlikely but
==4870==  possible), you can try to increase the size of the
==4870==  main thread stack using the --main-stacksize= flag.
==4870==  The main thread stack size used in this run was 8388608.
==4870== 
==4870== HEAP SUMMARY:
==4870==     in use at exit: 35,310,749 bytes in 35,706 blocks
==4870==   total heap usage: 87,221 allocs, 51,515 frees, 44,733,752 bytes 
allocated
==4870== 
==4870== LEAK SUMMARY:
==4870==    definitely lost: 0 bytes in 0 blocks
==4870==    indirectly lost: 0 bytes in 0 blocks
==4870==      possibly lost: 35,173,680 bytes in 34,899 blocks
==4870==    still reachable: 137,069 bytes in 807 blocks
==4870==         suppressed: 0 bytes in 0 blocks
==4870== Rerun with --leak-check=full to see details of leaked memory
==4870== 
==4870== For lists of detected and suppressed errors, rerun with: -s
==4870== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped)


Testing with gdb
======================================================
$gdb ./python
(gdb) run
>>> locale.dgettext('abs'*10000000,'')

Program received signal SIGSEGV, Segmentation fault.
__dcigettext (
    domainname=domainname@entry=0xadb030 
"absabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsabsab"...,
 msgid1=msgid1@entry=0x7ffff7fc09a0 "", msgid2=msgid2@entry=0x0, 
    plural=plural@entry=0, n=n@entry=0, category=category@entry=5) at 
dcigettext.c:675
675     dcigettext.c: No such file or directory.
(gdb)

======================================================


ProblemType: Crash

$ldd --version
Ubuntu GLIBC 2.23-0ubuntu11.2) 2.23


$uname -a
Linux xxm 4.15.0-64-generic #73~16.04.1-Ubunut SMP Fri Sep 13, UTC 2019 x86_64 
x86_64 x86_64 GNU/Linux

** Affects: glibc (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1922646

Title:
  Long text crash dcigettext.c with segfault

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1922646/+subscriptions
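As an added example, not part of the bug report: the valgrind "SP change" line above can be checked against the input length to confirm that the frame grew by the size of the domain name (the string was placed on the stack, which is why a long domain exhausts the 8 MB main-thread stack and faults in __dcigettext), and a small wrapper shows one way to bound domain names before they reach locale.dgettext(). MAX_DOMAIN_BYTES and the function names are this example's own assumptions.

```python
import re
import locale

# Constructed excerpt of the valgrind lines from the report (same values as above).
VALGRIND_EXCERPT = """\
==4870== Warning: client switching stacks?  SP change: 0x1ffefff5c0 --> 0x1ffd363220
==4870==          to suppress, use: --max-stackframe=30000032 or greater
==4870== Invalid write of size 8
==4870==    at 0x5797E88: __dcigettext (dcigettext.c:675)
"""

DOMAIN_FROM_REPORT = "abs" * 10000000  # the reporter's 30,000,000-byte domain name

SP_CHANGE_RE = re.compile(r"SP change: 0x([0-9a-f]+) --> 0x([0-9a-f]+)")


def stack_delta(valgrind_text):
    """Bytes the stack pointer moved in a single frame, taken from valgrind's
    'client switching stacks?' warning; None if the warning is absent."""
    m = SP_CHANGE_RE.search(valgrind_text)
    if m is None:
        return None
    before, after = (int(x, 16) for x in m.groups())
    return before - after  # the stack grows downward, so before > after


def frame_sized_by_input(valgrind_text, domainname, slack=64):
    """True when the frame grew by len(domainname) plus a little alignment and
    bookkeeping: the caller's string was copied onto the stack (alloca-style), so
    the crash is stack exhaustion proportional to input length, not a heap bug."""
    delta = stack_delta(valgrind_text)
    if delta is None:
        return False
    return 0 <= delta - len(domainname.encode()) <= slack


# gettext turns the domain into a catalog file name (<domain>.mo), so a domain
# longer than one path component (NAME_MAX, 255 on Linux) can never match a
# catalog anyway. Hypothetical cap chosen for this example, not a glibc constant.
MAX_DOMAIN_BYTES = 255


def safe_dgettext(domain, message):
    """Bound the domain name before handing it to the C library."""
    if len(domain.encode()) > MAX_DOMAIN_BYTES:
        raise ValueError(f"domain name longer than {MAX_DOMAIN_BYTES} bytes rejected")
    return locale.dgettext(domain, message)
```

The delta recovered from the log (30000032 bytes) is the reporter's input length plus 32 bytes, which is exactly the --max-stackframe value valgrind suggests.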

-- 
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
