Issue1541585
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2006-08-16 21:27 by sfllaw, last changed 2022-04-11 14:56 by admin. This issue is now closed.
Files | ||||
---|---|---|---|---|
File name | Uploaded | Description | Edit | |
python2.4-2.4.3_unicodeobject.c.diff | sfllaw, 2006-08-16 21:28 | Patch | ||
unicode_escape_fix.py | georg.brandl, 2006-10-07 18:41 |
Messages (6) | |||
---|---|---|---|
msg50919 - (view) | Author: Simon Law (sfllaw) * | Date: 2006-08-16 21:27 | |
From https://launchpad.net/distros/ubuntu/+source/python2.4/+bug/56633 Benjamin C. Wiley Sittler reports: hi, i discovered a bug yesterday in repr() for unicode strings. this causes an unpatched non-debug wide (UTF-32/UCS-4) build of python to abort: python2.4 -c 'assert(repr(u"\U00010000" * 39 + u"\uffff" * 4096)) == (repr(u"\U00010000" * 39 + u"\uffff" * 4096))' the problem is fixed by a change to unicodeobject.c. in the process of fixing it i also found and fixed another bug in repr() on UCS-4 python builds -- previously paired unicode surrogates were being repr()'ed as a single "character" even though they are not treated as such by a UCS-4 python build -- i.e. eval(repr(u'\ud800\udc00')) != u'\ud800\udc00' in an unpatched UCS-4 build. Package: python2.4 Version: 2.4.3-7ubuntu2 Severity: important when i run this command: python -c "repr(u'\u24ea\u059c\u200a\U0001d77e\uff07\u202f\u0747\u202f \U0001d56b\U0001d5b9\U0001d4e9\u20052\u14bf\U0001d7f8\u200a\U0001d795 \U0001d6e7Z\u2006\u2002\U0001d50a\uff27\u13c0\u2000\uff16\u0411\uff16 \U0001d7e7\uff4c\u2006\u2001\ufe39\u2008\u0313]\u2008\u3014\u3015')" python aborts with the following backtrace and memory dump: *** glibc detected *** python: realloc(): invalid next size: 0x081521e8 *** ======= Backtrace: ========= /lib/tls/i686/cmov/libc.so.6[0xb7e8acd4] /lib/tls/i686/cmov/libc.so.6(__libc_realloc+0xff)[0xb7e8cc5f] python(_PyString_Resize+0x80)[0x8082b4b] python[0x80991f7] python(PyObject_Repr+0x58)[0x807d1fd] python(PyEval_EvalFrame+0x4b37)[0x80b5270] python(PyEval_EvalCodeEx+0x836)[0x80b65d6] python(PyEval_EvalCode+0x57)[0x80b6640] python(PyRun_SimpleStringFlags+0xa8)[0x80d8b7c] python(Py_Main+0x685)[0x8055862] python(main+0x22)[0x80550e2] /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xd8)[0xb7e378b8] python[0x8055041] ======= Memory map: ======== 08048000-0811a000 r-xp 00000000 08:03 622736 /usr/bin/python2.4 0811a000-0813b000 rw-p 000d1000 08:03 622736 /usr/bin/python2.4 0813b000-081b5000 rw-p 0813b000 00:00 0 [heap] b7c00000-b7c21000 rw-p b7c00000 00:00 0 b7c21000-b7d00000 ---p b7c21000 00:00 0 b7d40000-b7d4a000 r-xp 00000000 08:03 376899 /lib/libgcc_s.so.1 b7d4a000-b7d4b000 rw-p 00009000 08:03 376899 /lib/libgcc_s.so.1 b7d68000-b7d9b000 r--p 00000000 08:03 82634 /usr/lib/locale/en_US.utf8/LC_CTYPE b7d9b000-b7d9e000 r-xp 00000000 08:03 625529 /usr/lib/python2.4/lib-dynload/_locale.so b7d9e000-b7d9f000 rw-p 00003000 08:03 625529 /usr/lib/python2.4/lib-dynload/_locale.so b7d9f000-b7e22000 rw-p b7d9f000 00:00 0 b7e22000-b7f51000 r-xp 00000000 08:03 66543 /lib/tls/i686/cmov/libc-2.4.so b7f51000-b7f53000 r--p 0012e000 08:03 66543 /lib/tls/i686/cmov/libc-2.4.so b7f53000-b7f55000 rw-p 00130000 08:03 66543 /lib/tls/i686/cmov/libc-2.4.so b7f55000-b7f58000 rw-p b7f55000 00:00 0 b7f58000-b7f7c000 r-xp 00000000 08:03 66547 /lib/tls/i686/cmov/libm-2.4.so b7f7c000-b7f7e000 rw-p 00023000 08:03 66547 /lib/tls/i686/cmov/libm-2.4.so b7f7e000-b7f80000 r-xp 00000000 08:03 68161 /lib/tls/i686/cmov/libutil-2.4.so b7f80000-b7f82000 rw-p 00001000 08:03 68161 /lib/tls/i686/cmov/libutil-2.4.so b7f82000-b7f83000 rw-p b7f82000 00:00 0 b7f83000-b7f85000 r-xp 00000000 08:03 66546 /lib/tls/i686/cmov/libdl-2.4.so b7f85000-b7f87000 rw-p 00001000 08:03 66546 /lib/tls/i686/cmov/libdl-2.4.so b7f87000-b7f96000 r-xp 00000000 08:03 68156 /lib/tls/i686/cmov/libpthread-2.4.so b7f96000-b7f98000 rw-p 0000f000 08:03 68156 /lib/tls/i686/cmov/libpthread-2.4.so b7f98000-b7f9a000 rw-p b7f98000 00:00 0 b7fb0000-b7fb7000 r--s 00000000 08:03 2130015 /usr/lib/gconv/gconv-modules.cache b7fb7000-b7fb9000 rw-p b7fb7000 00:00 0 b7fb9000-b7fd2000 r-xp 00000000 08:03 2737127 /lib/ld-2.4.so b7fd2000-b7fd4000 rw-p 00018000 08:03 2737127 /lib/ld-2.4.so bf99b000-bf9b3000 rw-p bf99b000 00:00 0 [stack] ffffe000-fffff000 ---p 00000000 00:00 0 [vdso] Aborted |
|||
msg50920 - (view) | Author: Neal Norwitz (nnorwitz) * | Date: 2006-08-21 22:22 | |
Logged In: YES user_id=33168 Committed revision 51448. (2.6) Committed revision 51450. (2.5) Someone should backport to 2.4, leaving open until then. |
|||
msg50921 - (view) | Author: Georg Brandl (georg.brandl) * | Date: 2006-08-22 08:26 | |
Logged In: YES user_id=849994 Applied to 2.4 in revision 51466. |
|||
msg50922 - (view) | Author: Georg Brandl (georg.brandl) * | Date: 2006-10-07 17:00 | |
Logged In: YES user_id=849994 Attaching a code file containing a Python version of the Unicode string escape routine for UCS-4 builds. (it only replaces repr() if called from python, so not everything is fixed, esp. "%r") |
|||
msg50923 - (view) | Author: Alexander Schremmer (alexanderweb) | Date: 2006-10-07 22:43 | |
Logged In: YES user_id=254738 The CVE issue for this bug is CVE-2006-4980, which currently still under review. |
|||
msg50924 - (view) | Author: Alexander Schremmer (alexanderweb) | Date: 2006-10-15 11:56 | |
Logged In: YES user_id=254738 The related security advisory is http://www.python.org/news/ security/PSF-2006-001/ |
History | |||
---|---|---|---|
Date | User | Action | Args |
2022-04-11 14:56:19 | admin | set | github: 43838 |
2006-08-16 21:27:59 | sfllaw | create |