list.sort crasher #35016
The marshal module is on the default list of ok The new module, on the other hand, is not allowed. But marshal also gives this ability. To work out this string: (in unrestricted mode)

```
def f(): pass
import marshal
badstring=marshal.dumps(f.func_code).replace('(\x01\x00\x00\x00N',
                                             '(\x00\x00\x00\x00')
```

which when loaded gives a code object with co_consts = Possible fixes: Easy: remove marshal from the list of approved Hard: Fix marshal (and perhaps new) by adding checks on Lateral thinking: prohibit On the other hand, there's not much point fixing this

```
>>> class C:
...     def __cmp__(self, other):
...         pop(0)
...         return 1
...
>>> gl = [C() for i in '1'*20]
>>> pop=gl.pop
>>> gl.sort()
Segmentation fault (core dumped)
```

(should I submit this as a separate bug report?)
Logged In: YES I think a reasonable approach to the first problem is to not The second crasher you mention is much more worrying, to me. I'll attach a patch to marshal (from another machine) and
Logged In: YES Reassigning to Guido. The patch stops marshal from loading The list-crasher is a different issue, but I went over *my* I suppose we could instead check that the list base address
Logged In: YES Michael's patch is fine -- the code-loading is not done The list issue could be fixed by adding a PyList_Check() But is it sufficient? I believe there are plenty of other Greg's bug report points out that rexec is far from If we can't deprecate rexec, perhaps we should add
Logged In: YES OK, done, in: marshal.c version 1.67 Changed summary.
Logged In: YES I'm not so interested in the list.sort crasher, so I'm
Logged In: YES Sigh. I wished I'd picked this up earlier, but I haven't.
Logged In: YES Is there any realistic chance of anything happening on this
Logged In: YES Assuming "this front" means the list.sort() crasher, not
Logged In: YES The list.sort() problem could be quickly solved by stealing The immutable list trick could be removed -- or kept around See patch http://www.python.org/sf/637176
Logged In: YES Assigned to me.
Logged In: YES Armin's patch has been applied for 2.3, so closing this as
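Added regression check, not part of the issue thread and not CPython's own test code: it replays the thread's pattern (a comparison that mutates the list being sorted) on CPython 3, where `__lt__` takes the place of `__cmp__`, and records that the interpreter fails with an exception and keeps every item. The helper name `sort_with_side_effect` and the sample actions are assumptions made for this example.

```python
# Constructed regression check for "comparison mutates the list under sort".
# Assumes CPython 3: the list appears empty while it is being sorted, and
# ValueError is raised if a mutation is detected when the sort finishes.

def sort_with_side_effect(action, n=20):
    """Sort n items whose comparison calls action(lst) on the list being sorted.

    Returns (outcome, keys_after, lengths_seen_during_sort).
    """
    lst = []
    seen = []

    class Item:
        def __init__(self, key):
            self.key = key

        def __lt__(self, other):
            seen.append(len(lst))      # how the list looks from inside the sort
            action(lst)                # side effect on the list being sorted
            return self.key < other.key

    lst.extend(Item(k) for k in range(n, 0, -1))   # 20 items, as in the report
    try:
        lst.sort()
        outcome = "sorted"
    except (IndexError, ValueError) as exc:
        outcome = type(exc).__name__
    return outcome, [item.key for item in lst], seen


# Sample actions (constructed): the report's pop(0), an append, and a no-op.
ACTIONS = {
    "pop(0)": lambda lst: lst.pop(0),
    "append": lambda lst: lst.append(None),
    "no-op": lambda lst: None,
}

if __name__ == "__main__":
    for name, action in ACTIONS.items():
        outcome, keys, seen = sort_with_side_effect(action)
        print(f"{name:7} -> {outcome:10} items kept: {len(keys)} "
              f"first length seen: {seen[0]}")
```

The `pop(0)` case fails inside the first comparison because the list looks empty there, while the `append` case is only reported once the sort has finished.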
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.