Issue876637
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2004-01-14 06:41 by mikesfpy, last changed 2022-04-11 14:56 by admin. This issue is now closed.
Files | ||||
---|---|---|---|---|
File name | Uploaded | Description | Edit | |
sock_crash.py | mikesfpy, 2004-01-14 06:41 | sock_crash.py |
Messages (6) | |||
---|---|---|---|
msg19683 - (view) | Author: Mike Pall (mikesfpy) | Date: 2004-01-14 06:41 | |
THE PROBLEM: The implementation of the socket_object.settimeout() method (socketmodule.c, function internal_select()) uses the select() system call with an unbounded file descriptor number. This will cause random stack corruption if fd>=FD_SETSIZE. This took me ages to track down! It happened with a massively multithreaded and massively connection-swamped network server. Basically most of the descriptors did not use that routine (because they were either pure blocking or pure non-blocking). But one module used settimeout() and with a little bit of luck got an fd>=FD_SETSIZE and with even more luck corrupted the stack and took down the whole server process. Demonstration script appended. THE SOLUTION: The solution is to use poll() and to favour poll() even if select() is available on a platform. The current trend in modern OS+libc combinations is to emulate select() in libc and call kernel-level poll() anyway. And this emulation is costly (both for the caller and for libc). Not so the other way round (only some systems of historical interest do that BTW), so we definitely want to use poll() if it's available (even if it's an emulation). And if select() is your only choice, then check for FD_SETSIZE before using the FD_SET macro (and raise some strange exception if that fails). [ I should note that using SO_RCVTIMEO and SO_SNDTIMEO would be a lot more efficient (kernel-wise at least). Unfortunately they are not universally available (though defined by most system header files). But a simple runtime test with a fallback to poll()/select() would do. ] A PATCH, A PATCH? Well, the check for FD_SETSIZE is left as an exercise for the reader. :-) Don't forget to merge this with the stray select() way down by adding a return value to internal_select(). But yes, I can do a 'real' patch with poll() [and even one with the SO_RCVTIMEO trick if you are adventurous]. But, I can't test it with dozens of platforms, various include files, compilers and so on. So, dear Python core developers: Please discuss this and tell me, if you want a patch, then you'll get one ASAP. Thank you for your time! |
|||
msg19684 - (view) | Author: Troels Walsted Hansen (troels) | Date: 2004-06-10 11:15 | |
Logged In: YES user_id=32863 I have created a patch to make socketmodule use poll() when available. See http://python.org/sf/970288 (I'm not allowed to attach patches to this bug item.) |
|||
msg19685 - (view) | Author: Neal Norwitz (nnorwitz) * | Date: 2006-02-07 07:18 | |
Logged In: YES user_id=33168 Thanks! Committed revision 42253. Committed revision 42254. (2.4) |
|||
msg19686 - (view) | Author: Arek Korbik (arkadini) | Date: 2006-02-09 15:20 | |
Logged In: YES user_id=1346917 Unfortunately r42253 breaks things on win32 (at least on my machine). By default FD_SETSIZE is 64 (winsock.h, winsock2.h). Even if the check from select module WAS included, that would end up in 512. Most of the time, first socket I create after starting python gets a fd > 900. What is a reasonable value for FD_SETSIZE then? 1024? Compared to the default value of 64 doesn't look that reasonable, though... Are there plans to "elaborate" on the last fix? |
|||
msg19687 - (view) | Author: Scott Dial (scott.dial) | Date: 2006-02-10 05:12 | |
Logged In: YES user_id=383208 The patch that has been applied has no relevance to Windows and should not be used when compiling for Windows. The use of an internal counter to assign descriptors to the fd_set array avoids the problem noted here so there is no such bug on Windows. Futhermore, as Arek notes, Windows creates descriptor numbers with no bound. |
|||
msg19688 - (view) | Author: Neal Norwitz (nnorwitz) * | Date: 2006-02-12 06:19 | |
Logged In: YES user_id=33168 Martin has fixed my Window's breakage by only checking for selectability on non-Windows platforms. |
History | |||
---|---|---|---|
Date | User | Action | Args |
2022-04-11 14:56:02 | admin | set | github: 39819 |
2009-02-14 13:57:08 | ajaksu2 | link | issue970288 dependencies |
2004-01-14 06:41:12 | mikesfpy | create |