➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2004-12-21 08:10 by andrewmcnamara, last changed 2022-04-11 14:56 by admin. This issue is now closed.
| Messages (2) | |||
|---|---|---|---|
| msg23787 - (view) | Author: Andrew McNamara (andrewmcnamara) *  |
Date: 2004-12-21 08:10 | |
In _sre.c, data_stack_grow(), realloc'ed memory is not initialised
before use. When complex regexps are used, this results in a core
dump.
Initialising the newly allocated memory to 0x55 and executing an
offending regexp results in a fatal reference to an address like
0x55555558:
static int
data_stack_grow(SRE_STATE* state, int size)
{
int minsize, cursize;
minsize = state->data_stack_base+size;
cursize = state->data_stack_size;
if (cursize < minsize) {
void* stack;
cursize = minsize+minsize/4+1024;
TRACE(("allocate/grow stack %d\n", cursize));
stack = realloc(state->data_stack, cursize);
if (!stack) {
data_stack_dealloc(state);
return SRE_ERROR_MEMORY;
}
memset(stack+state->data_stack_size, 0x55, cursize-state-
>data_stack_size);
state->data_stack = stack;
state->data_stack_size = cursize;
}
return 0;
}
|
|||
| msg23788 - (view) | Author: Gustavo Niemeyer (niemeyer) * |
Date: 2004-12-21 12:37 | |
Logged In: YES user_id=7887 The real problem is not initializing realloced memory, but acknowledging memory reallocation in situations where data may be reallocated outside of the main matching function. Please, have a look at the bug at http://python.org/sf/1072259 for more information and for a patch fixing the problem. Thanks for reporting it! |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:56:08 | admin | set | github: 41352 |
| 2004-12-21 08:10:54 | andrewmcnamara | create | |