This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: segfault in readline
Type: Stage:
Components: Library (Lib) Versions:
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: dsm001, loewis, mwh, quiver, sonderblade
Priority: normal Keywords:

Created on 2004-12-16 18:02 by dsm001, last changed 2022-04-11 14:56 by admin. This issue is now closed.

Messages (8)
msg23728 - (view) Author: DSM (dsm001) Date: 2004-12-16 18:02 
It's possible to produce segfaults using two functions
from the
readline module by giving them negative values (GNU
readline 4.3-10),
at least in some circumstances.  

Python 2.5a0 (#10, Dec 15 2004, 19:53:33) 
[GCC 3.3.3 (Debian 20040401)] on linux2
Type "help", "copyright", "credits" or "license" for
more information.
>>> import readline
[25290 refs]
>>> readline.remove_history_item(-1)
Segmentation fault

>>> readline.replace_history_item(-1,'abc')
Segmentation fault

gdb reveals it happens because the (external)
remove_history and replace_history_entry don't return
NULL in these cases.  I'm not sure whether we're
responsible for checking the sanity of inputs or the
GNU code should be returning NULL and isn't, but at
least sometimes it doesn't.
msg23729 - (view) Author: Michael Hudson (mwh) (Python committer) Date: 2004-12-17 14:18 
Logged In: YES 
user_id=6656

Hmm.  I can't reproduce this (also with readline 4.3).  Odd.
msg23730 - (view) Author: George Yoshida (quiver) (Python committer) Date: 2004-12-18 10:45 
Logged In: YES 
user_id=671362

FYI, I can reproduce this with :

- Python 2.4 & readline 4.3 under SuSE 9.1
- Python 2.5(snapshot as of 2004-12-17) & readline 4.3 under 
SuSE 9.1
- Python 2.4 & readline 4.3.5(?) under Cygwin
msg23731 - (view) Author: Michael Hudson (mwh) (Python committer) Date: 2004-12-19 16:41 
Logged In: YES 
user_id=6656

Do you want to fix it then? :)  I can't imagine it's that hard, but it would 
be easier for someone who can test that their fix helps...
msg23732 - (view) Author: George Yoshida (quiver) (Python committer) Date: 2004-12-20 10:57 
Logged In: YES 
user_id=671362

I'm +1 for sanity checking rather than waiting for the GNU
readline to return NULL in these functions.

It's just adding a few lines of code right after 
PyArg_ParseTuple :

  if (entry_number < 0) {
    PyErr_SetString(PyExc_ValueError,
                    "index cannot be a negative value");
    return NULL;
  }

Then you can work around the problem without worrying 
about the return value of remove_history nor 
replace_history_entry.
msg23733 - (view) Author: DSM (dsm001) Date: 2004-12-31 02:32 
Logged In: YES 
user_id=1175690

This one being simple enough for the likes of me to patch, I
did so -- 1093585.  Let the school of hard knocks begin!
msg23734 - (view) Author: Björn Lindqvist (sonderblade) Date: 2005-01-11 23:07 
Logged In: YES 
user_id=51702

I can confirm the bug with readline 4.3 and Python 2.5a0
(#1, Jan 11 2005, 23:22:16). dsm001's patch fixes it.
msg23735 - (view) Author: Martin v. Löwis (loewis) * (Python committer) Date: 2005-03-03 11:13 
Logged In: YES 
user_id=21627

This should be now fixed with patch 1093585.
History
Date User Action Args
2022-04-11 14:56:08adminsetgithub: 41332
2004-12-16 18:02:57dsm001create